Short Name |
HTTP:PHP:JOOMLA-PB-PE |
---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Joomla! CMS Policy Bypass and Privilege Escalation |
Release Date |
2016/11/13 |
Update Number |
2804 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the Joomla! CMS. An attacker can leverage the lack of sufficient input validation in the deprecated function to register with elevated privileges.
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.