
Multiple Vulnerabilities in Joomla Could Allow for Security Bypass

MS-ISAC ADVISORY NUMBER:

2016-161

DATE(S) ISSUED:

10/25/2016

OVERVIEW:

Multiple vulnerabilities have been discovered in Joomla, the most severe of which could allow for security bypass. Joomla is an open source content management system for websites. Successful exploitation of these vulnerabilities could allow an attacker to create a user account on a website that has disabled account creation, or create a user account with escalated privileges.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Joomla prior to version 3.6.4

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM
Home Users:
  • LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Joomla! Core, the most severe of which could result in security bypass. Details of the vulnerabilities are as follows:

  • Incorrect use of unfiltered data allows users to register on a site with elevated privileges. (CVE-2016-8869)
  • Inadequate checks allow users to register on a site when registration has been disabled. (CVE-2016-8870)

Successful exploitation of these vulnerabilities could allow an attacker to create a user account on a website that has disabled account creation, or create a user account with escalated privileges.
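A vulnerability-assessment check for the affected range above, as an added example that is not part of the advisory: it parses the version constants of a Joomla 3.x install and reports whether it predates the 3.6.4 fix for CVE-2016-8869 and CVE-2016-8870. The file path libraries/cms/version/version.php and the constant names RELEASE and DEV_LEVEL are assumptions about the Joomla 3.x layout; the embedded version.php fragment is constructed sample data.

```python
"""Check whether a Joomla 3.x install predates the 3.6.4 fix (MS-ISAC 2016-161)."""
import re
from pathlib import Path

# First release containing the fix, per the advisory ("Joomla prior to version 3.6.4").
FIXED_VERSION = (3, 6, 4)

# Constructed sample of the relevant constants from a Joomla 3.x version.php (not a real file).
SAMPLE_VERSION_PHP = """<?php
class JVersion
{
    const PRODUCT = 'Joomla!';
    const RELEASE = '3.6';
    const DEV_STATUS = 'Stable';
    const DEV_LEVEL = '3';
}
"""


def parse_joomla_version(php_source: str) -> tuple:
    """Extract (major, minor, patch) from the RELEASE and DEV_LEVEL constants.

    Assumes the Joomla 3.x layout; releases before 3.x keep the version elsewhere
    and are in the affected range anyway.
    """
    release = re.search(r"const\s+RELEASE\s*=\s*'([\d.]+)'", php_source)
    level = re.search(r"const\s+DEV_LEVEL\s*=\s*'(\d+)'", php_source)
    if not release or not level:
        raise ValueError("could not find RELEASE/DEV_LEVEL constants in version.php")
    major, minor = (int(x) for x in release.group(1).split(".")[:2])
    return (major, minor, int(level.group(1)))


def is_vulnerable(version: tuple) -> bool:
    """Tuple comparison orders 3.6.10 after 3.6.4; a string compare would get this wrong."""
    return version < FIXED_VERSION


def check_install(root: Path) -> dict:
    """Read version.php under a Joomla web root (assumed path) and report the finding."""
    src = (root / "libraries" / "cms" / "version" / "version.php").read_text()
    ver = parse_joomla_version(src)
    return {"version": ".".join(map(str, ver)), "vulnerable": is_vulnerable(ver)}


if __name__ == "__main__":
    ver = parse_joomla_version(SAMPLE_VERSION_PHP)
    print("Joomla %s: %s" % (".".join(map(str, ver)),
                             "VULNERABLE, update to 3.6.4 or later" if is_vulnerable(ver) else "patched"))
```

Run `check_install(Path("/var/www/html"))` against a real web root to audit a live install; a site on 3.6.4 or later reports `vulnerable: False`.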

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches provided by Joomla! to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

REFERENCES:


CIS CONTROLS THAT HELP AVOID THIS ISSUE:

  • CIS Control 4: Continuous Vulnerability Assessment and Remediation
  • CIS Control 7: Email and Web Browser Protections