CVE-2016-8869

EPSS 97.4%

Vexday Risk Score

60Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 97.4%KEV nãoPoC públicaNuclei —Metasploit simPatch —

Lifecycle

25 Oct 2016Metasploit module available

27 Oct 2016Public PoC

04 Nov 2016Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

Affected products

n/a · n/a

public PoCs found — 5

githubgithub.com/rustyJ4ck/JoomlaCVE20168869★ 7 githubgithub.com/zugetor/Joomla-3.4.4-3.6.4_CVE-2016-8869_and_CVE-2016-8870★ 0 githubgithub.com/cved-sources/cve-2016-8869★ 0 cve_referencewww.exploit-db.com/exploits/40637/unverified exploitdbwww.exploit-db.com/exploits/40637unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r https://www.exploit-db.com/exploits/40637/http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc http://www.securityfocus.com/bid/93883 http://www.securitytracker.com/id/1037108