- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.0.0 through 3.6.4
- Exploit type: Information Disclosure
- Reported Date: 2016-April-15
- Fixed Date: 2016-December-06
- CVE Number: CVE-2016-9837
Description
Inadequate ACL checks in the Beez3 com_content article layout override enables a user to view restricted content.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.6.4
Solution
Upgrade to version 3.6.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: Christiaan Klatte and Brian Teeman