A critical authentication bypass and privilege escalation exploit has been discovered by Melvin Lammerts. The exploit affects all Joomla versions from 3.4.4 through 3.6.3. The vulnerability is extremely critical and allows attackers to register an account with admin privileges.
[Solution] Upgrade to Joomla version 3.6.4
Read a more recent write up by Fortinet.
As always, we recommend you to run regular security tests on your website to keep up with all the latest vulnerabilities.