RULE(RULE ID:313020)

Rule General Information
Release Date: 2016-11-01
Rule Name: Joomla! Core Security Bypass Vulnerability -2 (CVE-2016-8870)
Severity:
CVE ID:
Rule Protection Details
Description: Vulnerability in register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
Impact: An attacker can take advantage of the vulnerability to bypass the security policy implemented by the software administrator, and perform unauthorized actions to the target system.
Affected OS: Other Unix, FreeBSD, Linux
Reference: SecurityFocusBID:93876
SecurityTrackerID:1037107
SecurityTrackerID:1037108
ExploitDB:40637
Solutions
The vendor has updated advisory on its official website. Please check it for more information.