CVE-2016-8869

CRITICAL EXPLOITED IN THE WILD LAB

Joomla! <3.6.4 - Privilege Escalation

Title source: llm

Description

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

Exploits (6)

exploitdb WORKING POC

by Xiphos Research Ltd · textwebappsphp

https://www.exploit-db.com/exploits/40637

View Code ZIP pw:eip

nomisec WORKING POC 7 stars

by rustyJ4ck · poc

https://github.com/rustyJ4ck/JoomlaCVE20168869

View Code ZIP pw:eip

gitlab

by 10vuln · poc

https://gitlab.com/penetration-test-learn/10vuln/exploits

View on gitlab

nomisec WORKING POC

by cved-sources · poc

https://github.com/cved-sources/cve-2016-8869

View Code ZIP pw:eip

nomisec WORKING POC

by zugetor · poc

https://github.com/zugetor/Joomla-3.4.4-3.6.4_CVE-2016-8869_and_CVE-2016-8870

View Code ZIP pw:eip

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/joomla_registration_privesc.rb

View Code ZIP pw:eip

References (8)

[Third Party Advisory] http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93883

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037108

[Exploit, Technical Description, Third Party Advisory] https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html

[Vendor Advisory] https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html

[Patch] https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf

[Various Sources] https://medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40637/

Scores

CVSS v3 9.8

EPSS 0.9192

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull medicean/vulapps:base_joomla_3.5

https://github.com/zugetor/Joomla-3.4.4-3.6.4_CVE-2016-8869_and_CVE-2016-8870

https://github.com/rustyJ4ck/JoomlaCVE20168869

https://github.com/cved-sources/cve-2016-8869

+1 more repos

View in Library

Details

VulnCheck KEV 2016-10-28

InTheWild.io 2021-04-12

CWE

CWE-20

Status published

Products (1)

joomla/joomla\! < 3.6.3

Published Nov 04, 2016

Tracked Since Feb 18, 2026