CVE-2016-8870

EUVD-2016-9695
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
joomlajoomla\!
𝑥
≤ 3.6.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc
http://www.securityfocus.com/bid/93876
http://www.securitytracker.com/id/1037107
http://www.securitytracker.com/id/1037108
https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html
https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html
https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf
https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r
https://www.exploit-db.com/exploits/40637/
http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc
http://www.securityfocus.com/bid/93876
http://www.securitytracker.com/id/1037107
http://www.securitytracker.com/id/1037108
https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html
https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html
https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf
https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r
https://www.exploit-db.com/exploits/40637/