The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| http://www.securityfocus.com/bid/93876 | vdb entry third party advisory |
| https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html | |
| https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html | vendor advisory |
| http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc | third party advisory |
| https://www.exploit-db.com/exploits/40637/ | third party advisory exploit |
| http://www.securitytracker.com/id/1037108 | vdb entry third party advisory |
| http://www.securitytracker.com/id/1037107 | vdb entry |
| https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf | patch |
| https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r |