The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! prior to 3.6.4 allows remote malicious users to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
Vulnerable Product |
---|
joomla joomla! |
If you didn't patch, you've probably been p0wned already
Attackers are already exploiting a dangerous privileged account creation hole in the Joomla! content management system, with attempts made on about 30,000 sites in the days after a patch for the flaw landed. The vulnerability, which allows anyone to create privileged accounts on Joomla! sites, was first flagged in a scant Joomla! pre-release notice warning administrators to prepare for a then un-described but critical patch. At the time The Register warned the then mysterious fla...
Borked two factor authentication also fixed
Joomla! has revealed it's patched twin critical flaws allowing attackers to bypass rules and create elevated privilege accounts. Project staff warned of the looming patch this week asking administrators to prepare for the patch and apply it immediately. The Joomla! security strike team said at the time only that a hole impacted the content management system core and was a "very important" fix. Joomla! has been downloaded more than 75 million times and runs on big ticket sites including McDonalds...