Joomla websites attacked en masse using recently patched exploits

Attackers are aggressively attacking Joomla-based websites by exploiting two critical vulnerabilities patched last week.

The flaws allow the creation of accounts with elevated privileges on websites built with the popular Joomla content management system, even if account registration is disabled. They were patched in Joomla 3.6.4, released Tuesday.

Hackers didn’t waste any time reverse engineering the patches to understand how the two vulnerabilities can be exploited to compromise websites, according to researchers from Web security firm Sucuri.

To read this article in full or to leave a comment, please click here

Read more: Joomla websites attacked en masse using recently patched exploits

Story added 31. October 2016, content source with full text you can find at link above.