CVE-2016-9081

Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
joomlajoomla\!
3.4.4
joomlajoomla\!
3.4.5
joomlajoomla\!
3.4.6
joomlajoomla\!
3.4.7
joomlajoomla\!
3.4.8
joomlajoomla\!
3.4.8:rc
joomlajoomla\!
3.5.0
joomlajoomla\!
3.5.0:beta
joomlajoomla\!
3.5.0:beta2
joomlajoomla\!
3.5.0:beta3
joomlajoomla\!
3.5.0:beta4
joomlajoomla\!
3.5.0:beta5
joomlajoomla\!
3.5.0:rc
joomlajoomla\!
3.5.0:rc2
joomlajoomla\!
3.5.0:rc3
joomlajoomla\!
3.5.0:rc4
joomlajoomla\!
3.5.1
joomlajoomla\!
3.5.1:rc
joomlajoomla\!
3.5.1:rc2
joomlajoomla\!
3.6.0
joomlajoomla\!
3.6.0:alpha
joomlajoomla\!
3.6.0:beta1
joomlajoomla\!
3.6.0:beta2
joomlajoomla\!
3.6.0:rc
joomlajoomla\!
3.6.0:rc2
joomlajoomla\!
3.6.1
joomlajoomla\!
3.6.1:rc1
joomlajoomla\!
3.6.1:rc2
joomlajoomla\!
3.6.2
joomlajoomla\!
3.6.3
joomlajoomla\!
3.6.3:rc1
joomlajoomla\!
3.6.3:rc2
joomlajoomla\!
3.6.3:rc3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/93969
https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html
http://www.securityfocus.com/bid/93969
https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html