Joomla!

Joomla! released an update to patch both a cache access control vulnerability CVE-2017-9933 and an input validation vulnerability CVE-2017-9934 present in Joomla! CMS versions up to 3.7.2. Successful exploitation of CVE-2017-9933 could allow a remote threat actor to gain unauthorized access to sensitive information stored on the target system. Successful exploitation of CVE-2017-9934 could allow a remote threat actor to conduct XSS attacks. The NJCCIC recommends administrators of websites powered by Joomla! CMS versions 1.7.3 to 3.7.2 review the Joomla! Security Announcementspage and update to version 3.7.3 as soon as possible.