Lucene search

K

MitreCVELIST:CVE-2016-8870

HistoryNov 04, 2016 - 9:00 p.m.

CVE-2016-8870

2016-11-0421:00:00

mitre

www.cve.org

6

AI Score

8.9

Confidence

High

EPSS

0.914

Percentile

98.9%

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.

References

www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc

www.securityfocus.com/bid/93876

www.securitytracker.com/id/1037107

www.securitytracker.com/id/1037108

blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html

developer.joomla.org/security-centre/659-20161001-core-account-creation.html

github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf

medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r

www.exploit-db.com/exploits/40637/

AI Score

8.9

Confidence

High

EPSS

0.914

Percentile

98.9%

Related for CVELIST:CVE-2016-8870

nvd1 cve1 joomla1 checkpoint_advisories1 prion1 seebug2 thn1 metasploit1 packetstorm1 zdt1 exploitdb1 openvas1 nessus5 freebsd1