Vulnerability Details : CVE-2016-8870
Public exploit exists!
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
Vulnerability category: Input validation
Products affected by CVE-2016-8870
- cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-8870
EPSS score: 91.42% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~99% (the proportion of vulnerabilities scored at or below this score)
Metasploit modules for CVE-2016-8870
- Joomla Account Creation and Privilege Escalation
  Module: auxiliary/admin/http/joomla_registration_privesc
  Disclosure Date: 2016-10-25
  First seen: 2020-04-26
  This module creates an arbitrary account with administrative privileges in Joomla versions 3.4.4 through 3.6.3. If an email server is configured in Joomla, an email will be sent to activate the account (the account is disabled by default).
  Authors: Fabio Pires <fp@i
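Two checks a responder wants from this entry, as an added example that is not Joomla, Metasploit or NVD code: (1) decide from the installed version (read from `administrator/manifests/files/joomla.xml`, which records the core version on a Joomla 3 site) whether it sits in the affected range 3.4.4 through 3.6.3 stated above, and (2) scan web-server access logs for POSTs to the vulnerable registration path. The log check assumes that the `register` method of `controllers/user.php` is dispatched as `task=user.register` (Joomla routes `task=<controller>.<method>`) under `option=com_users` or the SEF path `/component/users/`; the regular registration form submits to `task=registration.register`, so a `user.register` POST is worth flagging whether or not registration is enabled. The log lines and manifest snippet are constructed sample data.

```python
"""Triage helpers for CVE-2016-8870 (Joomla registration bypass).

Added example for this entry; not Joomla, Metasploit or NVD code.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Affected range from the Metasploit module text and the Exploit-DB title:
# 3.4.4 through 3.6.3 inclusive; fixed in 3.6.4.
FIRST_AFFECTED = (3, 4, 4)
FIXED_IN = (3, 6, 4)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '3.6.3' (or 'v3.6', or '3.6.3-dev') into a comparable int triple.
    Pre-release suffixes are ignored, so only trust '3.6.4' when the site
    really runs the final release."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised Joomla version: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version: str) -> bool:
    """True when 3.4.4 <= version < 3.6.4."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED_IN


def version_from_manifest(xml_text: str) -> str:
    """Extract <version> from administrator/manifests/files/joomla.xml."""
    m = re.search(r"<version>\s*([^<\s]+)\s*</version>", xml_text)
    if not m:
        raise ValueError("no <version> element in manifest")
    return m.group(1)


# Combined-format access log line: client, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def is_register_bypass_request(method: str, path: str) -> bool:
    """Flag a POST to the user.register task of com_users.

    ASSUMPTION: controllers/user.php's register() is reached as
    task=user.register (Joomla routes task=<controller>.<method>), via
    option=com_users or the SEF path /component/users/. The normal form
    posts to task=registration.register, so user.register is not produced
    by a legitimate registration submission.
    """
    if method != "POST":
        return False
    p = unquote(path).lower()  # catch task=user%2Eregister style encoding
    if "task=user.register" not in p:
        return False
    return "option=com_users" in p or "/component/users" in p


def scan_access_log(lines: List[str]) -> List[Dict[str, object]]:
    """Return one record per log line that matches the bypass request."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        if is_register_bypass_request(m["method"], m["path"]):
            hits.append({"ip": m["ip"], "ts": m["ts"],
                         "path": unquote(m["path"]), "status": int(m["status"])})
    return hits


# Constructed sample data (not real traffic or a real site).
SAMPLE_MANIFEST = ('<extension type="file" version="3.6" method="upgrade">'
                   '<name>files_joomla</name><version>3.6.3</version></extension>')
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Oct/2016:10:14:02 +0000] "POST /index.php/component/users/?task=user.register HTTP/1.1" 303 -',
    '203.0.113.7 - - [26/Oct/2016:10:14:03 +0000] "GET /index.php/component/users/?view=login HTTP/1.1" 200 5120',
    '198.51.100.4 - - [26/Oct/2016:11:00:00 +0000] "POST /index.php?option=com_users&task=registration.register HTTP/1.1" 303 -',
    '198.51.100.9 - - [26/Oct/2016:11:05:00 +0000] "POST /index.php?option=com_users&task=user%2Eregister HTTP/1.1" 303 -',
]

if __name__ == "__main__":
    ver = version_from_manifest(SAMPLE_MANIFEST)
    print(f"Joomla {ver}: {'AFFECTED' if is_affected(ver) else 'not affected'}")
    for hit in scan_access_log(SAMPLE_LOG):
        print("suspicious registration POST:", hit)
```

The log check only sees the query string, since POST bodies are not logged; if the site has full request logging, the same request carrying `user[...]` parameters rather than the form's `jform[...]` parameters is the stronger indicator. A site that disabled registration and still shows these POSTs with a 303 response should have its user table reviewed for accounts created after the request time.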
CVSS scores for CVE-2016-8870
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST |

A public Metasploit module and Exploit-DB entry exist and the EPSS score is 91.42%, so treat the Medium v2 rating and the AC:H in the v3 vector as a floor, not a reason to defer patching.
CWE ids for CVE-2016-8870
- CWE-20: Improper Input Validation. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8870
- http://www.securitytracker.com/id/1037107
  Joomla! Access Control Flaw Lets Remote Users Register on the Target System When Registration is Disabled (SecurityTracker)
- http://www.securityfocus.com/bid/93876
  Joomla! Core CVE-2016-8870 Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html
  Details on the Privilege Escalation Vulnerability in Joomla (Sucuri)
- https://www.exploit-db.com/exploits/40637/
  Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation (Exploit; Third Party Advisory)
- https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html
  [20161001] - Core - Account Creation (Vendor Advisory)
- http://www.securitytracker.com/id/1037108
  Joomla! Input Validation Flaw Lets Remote Users Gain Elevated Privileges (SecurityTracker; Third Party Advisory; VDB Entry)
- https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r
  Joomla (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit (Technical Description; Third Party Advisory)
- https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf
  Prepare 3.6.4 Stable Release, joomla/joomla-cms@bae1d43 on GitHub (Patch)
- http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc
  Joomla Account Creation and Privilege Escalation (Third Party Advisory)