CVE-2016-9837

Name of the Vulnerable Software and Affected Versions Joomla! versions prior to 3.6.5

Description An issue was discovered in the Beez3 layout override of the com content article view, where inadequate permissions checks allow users to view articles that should not be publicly accessible. This can be demonstrated by a request to the "index.php?option=com content&view=article&id=1&template=beez3" endpoint.

Recommendations For versions prior to 3.6.5, update to version 3.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the com content article view until a patch is available. Avoid using the template parameter in the affected endpoint until the issue is resolved.