Davide Tampellini

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.8.12 **Description** An issue was discovered in the InputFilter class, where inadequate checks could allow specifically prepared phar files to pass the upload filter. **Recommendations** For versions prior to 3.8.12, update to version 3.8.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 2.5.0 through 3.8.8 **Description** An issue was discovered where the autoload code checks classnames to be valid using the `class exists` function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. **Recommendations** For Joomla! versions 2.5.0 through 3.8.8, update to version 3.8.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.6.4 **Description** The issue concerns the register method in the UsersModelRegistration class, which allows remote attackers to gain privileges. This is due to the incorrect use of unfiltered data when registering on a site. **Recommendations** For versions prior to 3.6.4, update to version 3.6.4 or later to resolve the issue.