VYPR
High severity8.1NVD Advisory· Published Nov 4, 2016· Updated Jun 17, 2026

CVE-2016-8870

CVE-2016-8870

Description

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Joomla/Joomla!2 versions
    cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*range: <=3.6.3
    • (no CPE)range: <3.6.4
  • Range: <3.6.4

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.