CVE-2016-8870 (GCVE-0-2016-8870)
Vulnerability from cvelistv5
Published
2016-11-04 21:00
Modified
2024-08-06 02:35
Severity ?
CWE
  • n/a
Summary
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
References
cve@mitre.org http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc Third Party Advisory
cve@mitre.org http://www.securityfocus.com/bid/93876 Third Party Advisory, VDB Entry
cve@mitre.org http://www.securitytracker.com/id/1037107
cve@mitre.org http://www.securitytracker.com/id/1037108 Third Party Advisory, VDB Entry
cve@mitre.org https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html
cve@mitre.org https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html Vendor Advisory
cve@mitre.org https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf Patch
cve@mitre.org https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r
cve@mitre.org https://www.exploit-db.com/exploits/40637/ Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/93876 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1037107
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1037108 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html
af854a3a-2127-422b-91ae-364da2661108 https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf Patch
af854a3a-2127-422b-91ae-364da2661108 https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r
af854a3a-2127-422b-91ae-364da2661108 https://www.exploit-db.com/exploits/40637/ Exploit, Third Party Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:35:01.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93876",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93876"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc"
          },
          {
            "name": "40637",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40637/"
          },
          {
            "name": "1037108",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037108"
          },
          {
            "name": "1037107",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037107"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "93876",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93876"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc"
        },
        {
          "name": "40637",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40637/"
        },
        {
          "name": "1037108",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037108"
        },
        {
          "name": "1037107",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037107"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-8870",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93876",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93876"
            },
            {
              "name": "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html",
              "refsource": "MISC",
              "url": "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html"
            },
            {
              "name": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html",
              "refsource": "CONFIRM",
              "url": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html"
            },
            {
              "name": "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc",
              "refsource": "MISC",
              "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc"
            },
            {
              "name": "40637",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40637/"
            },
            {
              "name": "1037108",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037108"
            },
            {
              "name": "1037107",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037107"
            },
            {
              "name": "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf",
              "refsource": "CONFIRM",
              "url": "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf"
            },
            {
              "name": "https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r",
              "refsource": "MISC",
              "url": "https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-8870",
    "datePublished": "2016-11-04T21:00:00",
    "dateReserved": "2016-10-21T00:00:00",
    "dateUpdated": "2024-08-06T02:35:01.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-8870\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-11-04T21:59:08.677\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.\"},{\"lang\":\"es\",\"value\":\"El m\u00e9todo de registro en la clase UsersModelRegistration en controllers/user.php en el componente Users en Joomla! en versiones anteriores a 3.6.4, cuando ha sido desactivado el registro, permite a atacantes remotos crear cuentas de usuario aprovechando el fallo para comprobar el ajuste de configuraci\u00f3n Allow User Registration.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:joomla:joomla\\\\!:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.6.3\",\"matchCriteriaId\":\"59292C00-859C-4F23-B92F-D525DDA76582\"}]}]}],\"references\":[{\"url\":\"http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93876\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037107\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1037108\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/40637/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93876\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1037108\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/40637/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.