Problem: during a penetration test i faced a buggy Joomla installation. Joomla version was 3.6.4 and was vulnerable to CVE-2016-8869 . I created an administration account using metasploit module but wait !?
I couldn’t upload a WebShell . i used .pht method with no luck . i had no access to template source files.