⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2016-8869: Improper Input Validation in Joomla!

Severity: 9.8 CRITICAL (NVD)
EPSS: 91.9% (top 0.30%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline
Published: Nov 4
Latest update: May 17

Description

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (1 package)

NVD: joomla/joomla_! 3.6.3

🔴 Vulnerability Details (3)

GHSA: GHSA-v4hj-3rpq-j2ch: The register method in the UsersModelRegistration class in controllers/user (2022-05-17)
CVEList: CVE-2016-8869: The register method in the UsersModelRegistration class in controllers/user (2016-11-04)
VulnCheck: Joomla! Joomla! Improper Input Validation (2016)

💥 Exploits & PoCs (2)

Exploit-DB: Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation (2016-10-27)
Metasploit: Joomla Account Creation and Privilege Escalation

🕵️ Threat Intelligence (3)

Unit42: Network Attack Trends: Internet of Threats (November 2020-January 2021) (2021-04-12)
Unit42: Network Attack Trends: Internet of Threats (November 2020-January 2021) (2021-04-12)
Fortinet: Joomla – From Nowhere to High Privilege (2016-10-27)

💬 Community (1)

Bugzilla: CVE-2015-8869 ocaml: sizes arguments are sign-extended from 32 to 64 bits (2016-05-02)