Recently, it was revealed that the Joomla! CMS has an account creation vulnerability, CVE-2016-8869, and a privilege escalation vulnerability, CVE-2016-8870. A remote attacker can bypass security restrictions to create an account even if registration is closed, escalate to administrator privileges, and thus remotely control the website system.
See the following for more information about the vulnerabilities.
Joomla! account creation vulnerability and privilege escalation vulnerability
The vulnerabilities allow a remote attacker to bypass security restrictions to create an account, escalate to administrator privileges, and thus remotely control the website system.
Joomla! 3.4.4 to 3.6.3
Check whether the Joomla! version installed on your website falls within the range 3.4.4 to 3.6.3.
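One way to automate this check across several web roots, as an added example that is not part of the original advisory or of Joomla! itself. It assumes the installed version can be read from the core manifest at `administrator/manifests/files/joomla.xml`; the function names and the sample manifest are constructed for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

AFFECTED_MIN = (3, 4, 4)   # first affected release per the advisory
AFFECTED_MAX = (3, 6, 3)   # last affected release per the advisory
# Assumption: location of the core manifest inside a Joomla! 3.x tree.
MANIFEST = Path("administrator/manifests/files/joomla.xml")

def parse_version(text):
    """Turn the leading 'X.Y[.Z]' of a string into an int tuple; None if absent."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def manifest_version(xml_text):
    """Extract the <version> element from manifest XML; None if missing or malformed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    return parse_version(root.findtext("version"))

def classify(version):
    """Compare numerically, so 3.10.0 is not mistaken for something below 3.6.3."""
    if version is None:
        return "unknown"
    return "affected" if AFFECTED_MIN <= version <= AFFECTED_MAX else "not affected"

def check_site(webroot):
    """Classify the Joomla! installation rooted at webroot."""
    path = Path(webroot) / MANIFEST
    if not path.is_file():
        return "unknown"
    return classify(manifest_version(path.read_text(encoding="utf-8", errors="replace")))

# Constructed sample manifest, trimmed to the fields used here.
SAMPLE = "<extension type='file'><name>files_joomla</name><version>3.6.3</version></extension>"

if __name__ == "__main__":
    roots = sys.argv[1:]
    if not roots:
        print("sample manifest:", classify(manifest_version(SAMPLE)))
    for root in roots:
        print(f"{root}: {check_site(root)}")
```

Pass one or more web root directories as arguments; an "unknown" result means the manifest was missing or unreadable and the version should be confirmed by hand.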
How to fix or mitigate
Upgrade Joomla! to 3.6.4 or later.