July 29th, 2017
Last week the Joomla! Project released Joomla! 3.7.4, a release that included 2 security fixes, one of them rated as a "high severity" issue related to the installer application of the CMS. In the initial bulletin published in the Security Centre, no further details on the actual attack vector have been disclosed - but as the vector has now been disclosed by the initial reporter Hanno Böck in a talk at the Def Con conference, I would like to share some insights from the perspective of the Security Team.