CVE-2016-8870 Information

Description

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging a failure to check the Allow User Registration configuration setting.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc
http://www.securityfocus.com/bid/93876
http://www.securitytracker.com/id/1037107
http://www.securitytracker.com/id/1037108
https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html
https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html
https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf
https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2.rq4qh1v4r
https://www.exploit-db.com/exploits/40637/

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.1

Base Severity

HIGH