Description

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.

Remediation

References

CVE-2016-8870

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6335)

XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3296)

Drupal Core 5.x Session Fixation (5.0 - 5.19)

WordPress Plugin Easy Testimonials Cross-Site Scripting (3.0.4)

WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)

Severity

High

Classification

CVE-2016-8870 CWE-20 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities