Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-8870: Improper Input Validation in Joomla!

Severity: 8.1 HIGH (NVD)
EPSS: 91.5% (top 0.33%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline: Published Nov 4; latest update May 17

Description

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (1 package)

NVD: joomla/joomla_! 3.6.3

Patches

🔴 Vulnerability Details (3)

GHSA, 2022-05-17: GHSA-f3v8-7jfc-xgvg: The register method in the UsersModelRegistration class in controllers/user
CVEList, 2016-11-04: CVE-2016-8870: The register method in the UsersModelRegistration class in controllers/user
VulnCheck, 2016: Joomla! Joomla! Improper Input Validation

💥 Exploits & PoCs (2)

Exploit-DB, 2016-10-27: Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation
Metasploit: Joomla Account Creation and Privilege Escalation

🕵️ Threat Intelligence (1)

Fortinet, 2016-10-27: Joomla – From Nowhere to High Privilege

📄 Research Papers (1)

arXiv, 2019-05-01: On generating network traffic datasets with synthetic attacks for intrusion detection