
Demis Palma

Researcher from JSST
#17169 of 53,633
15.6 Total CVSS
Vulnerabilities · 2
High: 2
PT-2018-10481
7.5
2018-05-22
Open Source Matters · Joomla! · CVE-2018-11322
**Name of the Vulnerable Software and Affected Versions** Joomla! Core versions prior to 3.8.8

**Description** An issue was discovered that could allow PHAR files to be handled as executable PHP scripts by the webserver, depending on the server configuration.

**Recommendations** For versions prior to 3.8.8, update to version 3.8.8 or later to resolve the issue.
PT-2016-7601
8.1
2016-11-04
Open Source Matters · Joomla! · CVE-2016-8870
**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.6.4

**Description** The issue concerns the register method in the UsersModelRegistration class, which fails to check the Allow User Registration configuration setting when registration has been disabled. This allows remote attackers to create user accounts.

**Recommendations** For versions prior to 3.6.4, update to version 3.6.4 or later to resolve the issue. As a temporary workaround, consider disabling the registration functionality until a patch is available. Restrict access to the Users component to minimize the risk of exploitation.