Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.
http://www.securitytracker.com/id/1032796
http://www.securityfocus.com/bid/76495
http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html