Working as a Security Consultant, more often than not, you come across vulnerabilities that are peculiar and at the same time important to fix soon. Something of the sort recently happened to me while looking for new Joomla exploits and attacks in Joomla security.
I came across a vulnerability in Joomla that would give privileges to non-superuser
On Tuesday Joomla announced the security fix for the critical vulnerabilities that allow an attacker to create an account (CVE-2016-8870) and escalate privileges (CVE-2016-8869) due to inadequate checks in the registration code. Below we describe the cause of the exploit and the fix for the issue, along with a demonstration of the proof of concept for the exploit.
Un
If you're a Joomla user, just UPGRADE to the latest version; you can do so here or download the new installation package here
Joomla officials announced a new release: Joomla! 3.4.5 is now available. The Joomla 3.4.5 core package is vulnerable to a critical SQL injection vulnerability; Joomla released a new version to fix the SQL injection vulnerability.
The vulnerabi
CMSmap is an open source Python Content Management System security scanner that automates the process of detecting security flaws in the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool. At the moment, the CMSs supported by CMSmap are WordPress, Joomla and Drupal. This is as opposed t
Users of the Joomla content management system have been on a patching roller coaster for the past 24 hours, with one set of patches for critical vulnerabilities being pulled last night before being re-issued today. The Joomla update, bringing the CMS up to version 3.3.6, is a security update addressing a high priority remote file inclusion vulnerability and a deni