Recently, the national information security vulnerabilities library CNNVD received Beijing white cap Hui Technology Co., Ltd. on Joomla! Content management system there is a security bypass vulnerability(CNNVD-2 0 1 6 1 0-7 3 9)and the remote mention the right vulnerability(CNNVD-2 0 1 6 1 0-7 4 0)in the case of the message send. 1 0 on 2 5 August, the Joomla! The official said the vulnerability has been released the upgrade announcement. Due to the above vulnerability affects a wide range of hazard level high, the national information security vulnerabilities library CNNVD for the tracking analysis, the situation is as follows.
A, vulnerability introduction
Joomla! Is the United States the Open Source Matters team using PHP and MySQL to develop a set of open-source, cross-platform Content Management System(CMS).
Joomla! 3.4. 4 to 3. 6. 3 versions of the kernel components in the components/com_users/controllers/user. php file in the‘UsersControllerUser::register()’function security bypass vulnerability(vulnerability ID: CNNVD-2 0 1 6 1 0-7 3 9, CVE-2 0 1 6-8 8 7 0),the vulnerability stems from the registration function does not determine whether a site is closed for registration. An attacker can exploit this vulnerability to bypass security restrictions, the registration of the new user.
Joomla! 3.4. 4 to 3. 6. 3 versions of the kernel components in the components/com_users/controllers/user. php file in the‘UsersControllerUser::register()’function in the presence of a remote mention the right vulnerability(vulnerability ID: CNNVD-2 0 1 6 1 0-7 4 0, CVE-2 0 1 6-8 8 6 9), the vulnerability stems from the registration function is not to register the field to be filtered. The attacker can construct malicious data exploit the vulnerability to elevate privileges.
Second, the vulnerability to hazards
A remote attacker can use containing the above-mentioned vulnerability of the register functions for user registration, and to construct malicious data so that the user permissions elevated to administrator privileges, so for the server to upload Trojans and other malicious programs, further control the server.
According to statistics, at present, the existing global nearly 8 6 million websites use Joomla! System, the presence of the vulnerability site number 1 5 2 9 6, a total coverage of 1 0 0 countries and hundreds of cities, in which the top five countries were United States, Germany, the Netherlands, Russia and France.
! 6 4 0
My affected site has about 1 4 6, mainly located in Hangzhou(5 3%), Kunming(1 4%), Beijing(7%)and other cities, to governments, universities and other industry sites.
Third, the repair measures
1, the currently, Joomla! Authorities have released the upgrade announcement, the affected users can upgrade to 3. 6. 4 version to eliminate the vulnerability.
Announcement link: https://developer.joomla.org/security-centre.html
2, for customized or the system changes the users, you can manually delete the redundant registration function way to fix that is remove the site path components\com_users\controllers\user. php file in the register method.
This report by the CNNVD technical support units—Beijing white cap Hui Technology Co., Ltd. to provide support.
CNNVD will continue to track the vulnerability of the relevant circumstances, the timely release relevant information. If necessary, can be used with CNNVD contact.