CVE-2016-8870
CVE-2016-8870
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 82.1%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
25 Oct 2016Metasploit module available
27 Oct 2016Public PoC
04 Nov 2016Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/cved-sources/cve-2016-8870★ 0cve_referencewww.exploit-db.com/exploits/40637/unverifiedexploitdbwww.exploit-db.com/exploits/40637unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.htmlhttps://developer.joomla.org/security-centre/659-20161001-core-account-creation.htmlhttps://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcfhttps://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4rhttps://www.exploit-db.com/exploits/40637/http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_priveschttp://www.securityfocus.com/bid/93876http://www.securitytracker.com/id/1037107http://www.securitytracker.com/id/1037108