
CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 1

An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.
• https://www.exploit-db.com/exploits/41157 • http://www.securityfocus.com/bid/94893 • https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html
• CWE-284: Improper Access Control

CVSS: 9.8 | EPSS: 1% | CPEs: 1 | EXPL: 1

The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.
• http://www.securityfocus.com/bid/94663 • https://github.com/XiphosResearch/exploits/tree/master/Joomraa
• CWE-284: Improper Access Control

CVSS: 9.8 | EPSS: 92% | CPEs: 1 | EXPL: 2

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
• https://www.exploit-db.com/exploits/40637 • http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc • http://www.securityfocus.com/bid/93883 • http://www.securitytracker.com/id/1037108 • https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html • https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html • https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf • https://medium.com/%40showthread/jooml
• CWE-20: Improper Input Validation

CVSS: 8.1 | EPSS: 91% | CPEs: 1 | EXPL: 1

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
• https://www.exploit-db.com/exploits/40637 • http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc • http://www.securityfocus.com/bid/93876 • http://www.securitytracker.com/id/1037107 • http://www.securitytracker.com/id/1037108 • https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html • https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html • https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf
• CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 0% | CPEs: 29 | EXPL: 0

SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
• http://www.securityfocus.com/bid/79679 • http://www.securitytracker.com/id/1034658 • https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')