Description

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

Remediation

References

CVE-2016-8869

Related Vulnerabilities

WordPress Plugin WP e-Commerce-Store Exporter Privilege Escalation (1.6.6)

Python Other Vulnerability (CVE-2002-1119)

WordPress Plugin KJM Admin Notices Cross-Site Scripting (2.0.1)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.16.68)

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6433)

Severity

Critical

Classification

CVE-2016-8869 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities