High severity8.1NVD Advisory· Published Nov 4, 2016· Updated Jun 17, 2026
CVE-2016-8870
CVE-2016-8870
Description
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <3.6.4
Patches
Vulnerability mechanics
References
9- github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcfnvdPatch
- www.exploit-db.com/exploits/40637/nvdExploitThird Party Advisory
- www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privescnvdThird Party Advisory
- www.securityfocus.com/bid/93876nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037108nvdThird Party AdvisoryVDB Entry
- developer.joomla.org/security-centre/659-20161001-core-account-creation.htmlnvdVendor Advisory
- www.securitytracker.com/id/1037107nvd
- blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.htmlnvd
- medium.com/%40showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2nvd
News mentions
0No linked articles in our index yet.