[20161001] – Core – Account Creation

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.4.4 through 3.6.3
  • Exploit type: Account Creation
  • Reported Date: 2016-October-18
  • Fixed Date: 2016-October-25
  • CVE Number: CVE-2016-8870

Description

Inadequate checks allows for users to register on a site when registration has been disabled.

Affected Installs

Joomla! CMS versions 3.4.4 through 3.6.3

Solution

Upgrade to version 3.6.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Demis Palma

Leave a Comment