CVE-2016-8870

Name of the Vulnerable Software and Affected Versions Joomla! versions prior to 3.6.4

Description The issue concerns the register method in the UsersModelRegistration class, which fails to check the Allow User Registration configuration setting when registration has been disabled. This allows remote attackers to create user accounts.

Recommendations For versions prior to 3.6.4, update to version 3.6.4 or later to resolve the issue. As a temporary workaround, consider disabling the registration functionality until a patch is available. Restrict access to the Users component to minimize the risk of exploitation.