7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.929 High
EPSS
Percentile
99.1%
The JSST and the Joomla! Security Center report:
[20161001] - Core - Account Creation
Inadequate checks allows for users to register on a site when
registration has been disabled.
[20161002] - Core - Elevated Privilege
Incorrect use of unfiltered data allows for users to register on a
site with elevated privileges.
[20161003] - Core - Account Modifications
Incorrect use of unfiltered data allows for existing user accounts
to be modified; to include resetting their username, password, and
user group assignments.
developer.joomla.org/security-centre/659-20161001-core-account-creation.html
developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html
developer.joomla.org/security-centre/661-20161003-core-account-modifications.html
www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.929 High
EPSS
Percentile
99.1%