vulnerability

Joomla!: [20161001] - Core - Account Creation (CVE-2016-8870)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Oct 26, 2016	Oct 26, 2016	Mar 30, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Oct 26, 2016

Added

Oct 26, 2016

Modified

Mar 30, 2026

Description

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.

Solution

joomla-upgrade-3_6_4

References

CVE-2016-8870
https://attackerkb.com/topics/CVE-2016-8870
CWE-20
EUVD-EUVD-2016-9695
http://developer.joomla.org/security-centre/659-20161001-core-account-creation.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-9695

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today