CVE-2016-8870
N/A
N/A
Summary
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/93876
- https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html
- https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html
- http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc
- https://www.exploit-db.com/exploits/40637/
- http://www.securitytracker.com/id/1037108
- http://www.securitytracker.com/id/1037107
- https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf
- https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r
References
- http://www.securityfocus.com/bid/93876
- https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html
- https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html
- http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc
- https://www.exploit-db.com/exploits/40637/
- http://www.securitytracker.com/id/1037108
- http://www.securitytracker.com/id/1037107
- https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf
- https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.