CVE-2016-8870
Vulnerability from cvelistv5
Published
2016-11-04 21:00
Modified
2024-08-06 02:35
Severity ?
Summary
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
References
cve@mitre.orghttp://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privescThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/93876Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id/1037107
cve@mitre.orghttp://www.securitytracker.com/id/1037108Third Party Advisory, VDB Entry
cve@mitre.orghttps://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html
cve@mitre.orghttps://developer.joomla.org/security-centre/659-20161001-core-account-creation.htmlVendor Advisory
cve@mitre.orghttps://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcfPatch
cve@mitre.orghttps://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r
cve@mitre.orghttps://www.exploit-db.com/exploits/40637/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privescThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/93876Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037107
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037108Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html
af854a3a-2127-422b-91ae-364da2661108https://developer.joomla.org/security-centre/659-20161001-core-account-creation.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcfPatch
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/40637/Exploit, Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:35:01.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93876",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93876"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc"
          },
          {
            "name": "40637",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40637/"
          },
          {
            "name": "1037108",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037108"
          },
          {
            "name": "1037107",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037107"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "93876",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93876"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc"
        },
        {
          "name": "40637",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40637/"
        },
        {
          "name": "1037108",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037108"
        },
        {
          "name": "1037107",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037107"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-8870",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93876",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93876"
            },
            {
              "name": "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html",
              "refsource": "MISC",
              "url": "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html"
            },
            {
              "name": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html",
              "refsource": "CONFIRM",
              "url": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html"
            },
            {
              "name": "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc",
              "refsource": "MISC",
              "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc"
            },
            {
              "name": "40637",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40637/"
            },
            {
              "name": "1037108",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037108"
            },
            {
              "name": "1037107",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037107"
            },
            {
              "name": "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf",
              "refsource": "CONFIRM",
              "url": "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf"
            },
            {
              "name": "https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r",
              "refsource": "MISC",
              "url": "https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-8870",
    "datePublished": "2016-11-04T21:00:00",
    "dateReserved": "2016-10-21T00:00:00",
    "dateUpdated": "2024-08-06T02:35:01.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:joomla:joomla\\\\!:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.6.3\", \"matchCriteriaId\": \"59292C00-859C-4F23-B92F-D525DDA76582\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.\"}, {\"lang\": \"es\", \"value\": \"El m\\u00e9todo de registro en la clase UsersModelRegistration en controllers/user.php en el componente Users en Joomla! en versiones anteriores a 3.6.4, cuando ha sido desactivado el registro, permite a atacantes remotos crear cuentas de usuario aprovechando el fallo para comprobar el ajuste de configuraci\\u00f3n Allow User Registration.\"}]",
      "id": "CVE-2016-8870",
      "lastModified": "2024-11-21T03:00:12.563",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-11-04T21:59:08.677",
      "references": "[{\"url\": \"http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93876\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037107\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1037108\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/40637/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93876\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037107\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1037108\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/40637/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-8870\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-11-04T21:59:08.677\",\"lastModified\":\"2024-11-21T03:00:12.563\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.\"},{\"lang\":\"es\",\"value\":\"El m\u00e9todo de registro en la clase UsersModelRegistration en controllers/user.php en el componente Users en Joomla! en versiones anteriores a 3.6.4, cuando ha sido desactivado el registro, permite a atacantes remotos crear cuentas de usuario aprovechando el fallo para comprobar el ajuste de configuraci\u00f3n Allow User Registration.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:joomla:joomla\\\\!:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.6.3\",\"matchCriteriaId\":\"59292C00-859C-4F23-B92F-D525DDA76582\"}]}]}],\"references\":[{\"url\":\"http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93876\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037107\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1037108\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/40637/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93876\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1037108\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/40637/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.