QwikSec

Security Database

CVE

CWE

Training

CVE-2016-8870

Published: Nov 4, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html

x_refsource_MISC

https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html

x_refsource_CONFIRM

http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_SECTRACK

https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf

x_refsource_CONFIRM

https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.