Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:PHP:JOOMLA-PB-PE
Severity	Major
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Joomla! CMS Policy Bypass and Privilege Escalation
Release Date	2016/11/13
Update Number	2804
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Joomla! CMS Policy Bypass and Privilege Escalation

This signature detects attempts to exploit a known vulnerability in the Joomla! CMS. An attacker can leverage the lack of sufficient input validation in the deprecated function to register with elevated privileges.

Extended Description

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

Affected Products

Joomla joomla! 3.6.3

References

CVE: CVE-2016-8870
CVE: CVE-2016-8869

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Joomla! CMS Policy Bypass and Privilege Escalation

Extended Description

Affected Products

References