PT-2016-7838 · Open Source Matters · Joomla!

Published: 2016-12-16 · Updated: 2017-09-02 · CVE-2016-9838

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Joomla! versions prior to 3.6.5

Description

An issue was discovered in the registration model of Joomla!, where incorrect filtering of registration form data stored in the session on a validation error allows a user to gain access to a registered user's account. This enables the attacker to reset the user's group mappings, username, and password by submitting a form that targets the registration.register task.

Recommendations

For versions prior to 3.6.5, update to version 3.6.5 or later to resolve the issue.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2016-9838

Affected Products

Joomla!