CVE-2016-8869 Joomla! Core Privilege Escalation and Account Creation Vulnerabilities

0daybank资讯【www.0daybank.org】:

漏洞类别:CGI

漏洞等级: 《CVE-2016-8869 Joomla! Core Privilege Escalation and Account Creation Vulnerabilities》

漏洞信息

Joomla! is a free and open-source content management system written in PHP. It uses object oriented programming techniques and is built on a model-view-controller web application framework. It includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search, and support for language internationalization.

Joomla! contains the following vulnerabilities:
CVE-2016-8869: [20161002] – Core – Elevated Privileges – Incorrect use of unfiltered data allows for users to register on a site with elevated privileges.
CVE-2016-8870: [20161001] – Core – Account Creation – Inadequate checks allows for users to register on a site when registration has been disabled.

Affected Versions:
Joomla! 3.4.4 through 3.6.3

漏洞危害

Successful exploitation allows attackers to execute arbitrary code with elevated privileges, or create accounts even when registration is disabled.

解决方案

Customers are advised to update to Joomla! 3.6.4 or later versions to fix this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Joomla! 3.6.4 or later

0day

点赞

发表评论