CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9837
https://notcve.org/view.php?id=CVE-2016-9837
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request. Un problema fue descubierto en templates/beez3/html/com_content/article/default.php en Joomla! • http://www.securityfocus.com/bid/94892 https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2016-9836
https://notcve.org/view.php?id=CVE-2016-9836
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types. El mecanismo de escaneado de documentos de JFilterInput::isFileSafe() en Joomla! CMS en versiones anteriores a 3.6.5 no considera extensiones de archivo PHP alternativas cuando comprueba archivos subidos para contenido PHP, lo que permite a un usuario cargar y ejecutar archivos con las extensiones `.php6`, `.php7`, `.phtml` y `.phpt`. • http://www.securityfocus.com/bid/94663 https://github.com/XiphosResearch/exploits/tree/master/Joomraa • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 92%CPEs: 1EXPL: 2CVE-2016-8869 – Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-8869
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. El método de registro en la clase UsersModelRegistration en controllers/user.php en el componente Users en Joomla! en versiones anteriores a 3.6.4 permite a atacantes remotos obtener privilegios aprovechando el uso incorrecto de datos no filtrados al registrarse en un sitio. • https://www.exploit-db.com/exploits/40637 http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc http://www.securityfocus.com/bid/93883 http://www.securitytracker.com/id/1037108 https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf https://medium.com/%40showthread/jooml • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 91%CPEs: 1EXPL: 1CVE-2016-8870 – Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-8870
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. El método de registro en la clase UsersModelRegistration en controllers/user.php en el componente Users en Joomla! en versiones anteriores a 3.6.4, cuando ha sido desactivado el registro, permite a atacantes remotos crear cuentas de usuario aprovechando el fallo para comprobar el ajuste de configuración Allow User Registration. • https://www.exploit-db.com/exploits/40637 http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc http://www.securityfocus.com/bid/93876 http://www.securitytracker.com/id/1037107 http://www.securitytracker.com/id/1037108 https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2015-8769
https://notcve.org/view.php?id=CVE-2015-8769
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Joomla! 3.x en versiones anteriores a 3.4.7 permite a atacantes ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/79679 http://www.securitytracker.com/id/1034658 https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •