CVE-2016-8870
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.914 High
EPSS
Percentile
98.9%
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| joomla:joomla\! | joomla joomla! | le | 3.6.3 |
References
www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc
www.securityfocus.com/bid/93876
www.securitytracker.com/id/1037107
www.securitytracker.com/id/1037108
blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html
developer.joomla.org/security-centre/659-20161001-core-account-creation.html
github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf
medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r
www.exploit-db.com/exploits/40637/
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.914 High
EPSS
Percentile
98.9%