← back
CVE-2016-8870

CVE-2016-8870

EPSS 82.1%◆ VulnCheck KEV
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 82.1%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
25 Oct 2016Metasploit module available
27 Oct 2016Public PoC
04 Nov 2016Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.