CVE-2016-8869

Published: Nov 4, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html

x_refsource_CONFIRM

93883

vdb-entry

x_refsource_BID

https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html

x_refsource_MISC

http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc

x_refsource_MISC

40637

exploit

x_refsource_EXPLOIT-DB

1037108

vdb-entry

x_refsource_SECTRACK

https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf

x_refsource_CONFIRM

https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-8869

Description

Affected Products

References