MS-ISAC CYBERSECURITY ADVISORIES
MS-ISAC ADVISORY NUMBER:
Multiple Vulnerabilities in Joomla Could Allow for Security Bypass
Multiple vulnerabilities have been discovered in Joomla, the most severe of which could allow for security bypass. Joomla is an open source content management system for websites. Successful exploitation of these vulnerabilities could allow an attacker to create a user account on a website that has disabled account creation, or create a user account with escalated privileges.
There are currently no reports of these vulnerabilities being exploited in the wild.
- Joomla prior to version 3.6.4
- Large and medium government entities: High
- Small government entities: Medium
- Large and medium business entities: High
- Small business entities: Medium
- Home users: Low
Multiple vulnerabilities have been discovered in Joomla! Core, the most severe of which could result in security bypass. Details of the vulnerabilities are as follows:
- Incorrect use of unfiltered data allows users to register on a site with elevated privileges. (CVE-2016-8869)
- Inadequate checks allow users to register on a site when registration has been disabled. (CVE-2016-8870)
Successful exploitation of these vulnerabilities could allow an attacker to create a user account on a website that has disabled account creation, or create a user account with escalated privileges.
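The two weaknesses above are, in general terms, a registration path that acts on client-supplied data before confirming that registration is allowed, and one that lets request fields decide group membership. The script below is an added illustration of the hardened pattern; it is not Joomla's code or the Joomla patch, and its function name (registerUser), the ALLOWED_FIELDS list and the sample requests are constructed for this example. The two option names (allowUserRegistration, new_usertype) are used as a stand-in for the "Allow User Registration" and "New User Registration Group" settings of the Joomla Users component; the example assumes PHP 8.0 or later.

```php
<?php
// Added example (not Joomla's code): a self-registration handler that
//  1. refuses the request outright when registration is disabled, before
//     touching any submitted data, and
//  2. builds the user record from a fixed whitelist of fields, so that a
//     client-supplied 'groups' (or any other) field is dropped and the
//     group comes from server-side configuration only.
declare(strict_types=1);

// Constructed stand-in for the site's user configuration.
$config = [
    'allowUserRegistration' => false,
    'new_usertype'          => 2,   // Joomla's default "Registered" group id
];

// Fields a public registration form may set. Everything else in the
// request (e.g. 'groups', 'id', 'block') is discarded.
const ALLOWED_FIELDS = ['name', 'username', 'email', 'password'];

/**
 * Validate a registration request against the site configuration.
 * Returns the sanitized user record on success, or an error string.
 */
function registerUser(array $request, array $config): array|string
{
    // Check 1: the "is registration enabled" decision comes first.
    if ($config['allowUserRegistration'] !== true) {
        return 'registration disabled';
    }

    // Check 2: keep only whitelisted keys from the untrusted request.
    $data = array_intersect_key($request, array_flip(ALLOWED_FIELDS));
    foreach (ALLOWED_FIELDS as $field) {
        if (!isset($data[$field]) || !is_string($data[$field]) || $data[$field] === '') {
            return "missing field: $field";
        }
    }
    if (filter_var($data['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid email';
    }

    // Check 3: group membership is taken from configuration, never from
    // the request, so a submitted 'groups' value has no effect.
    $data['groups']   = [(int) $config['new_usertype']];
    $data['password'] = password_hash($data['password'], PASSWORD_DEFAULT);
    return $data;
}

// Constructed requests: a plain form post, and one carrying extra fields
// that a registration form should never be allowed to set.
$cases = [
    'plain form post' => [
        'name' => 'Alice', 'username' => 'alice',
        'email' => 'alice@example.com', 'password' => 'correct horse battery',
    ],
    'request with extra fields' => [
        'name' => 'Bob', 'username' => 'bob',
        'email' => 'bob@example.com', 'password' => 'another passphrase',
        'groups' => [99],   // arbitrary client-chosen group id: must be ignored
        'block'  => 0,      // must be ignored
    ],
];

foreach ([false, true] as $allow) {
    $config['allowUserRegistration'] = $allow;
    foreach ($cases as $label => $request) {
        $result  = registerUser($request, $config);
        $summary = is_string($result)
            ? "rejected ($result)"
            : 'created with groups ' . implode(',', $result['groups']);
        printf("allowUserRegistration=%s, %s: %s\n",
            $allow ? 'true' : 'false', $label, $summary);
    }
}
```

Run it with `php register_check.php`: with registration disabled every request is rejected before any field is examined, and with it enabled both records end up in the configured default group regardless of what the request contained. The remedy for the advisory itself remains applying the Joomla 3.6.4 update; the script only shows the ordering of checks and the field whitelisting that prevent the two conditions described.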
We recommend the following actions be taken:
- Apply appropriate patches provided by Joomla! to vulnerable systems immediately after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.