Intrusion Prevention

Joomla!.Core.Account.Creation.Privilege.Escalation

Description

This indicates an attack attempt to exploit a Privilege Escalation vulnerability in Joomla User component.
The vulnerability is due to the application's failure to properly sanitize user input before using it in an account creation. As a result, a remote attacker can send a crafted query to create a user with elevated permission.

Affected Products

Joomla! CMS versions 3.4.4 through 3.6.3

Impact

Privilege Escalation: Remote attackers can create any account with elevated permission on affected machines

Recommended Actions

Upgrade to version 3.6.4 or higher available from the website
https://www.joomla.org/download.html

CVE References

CVE-2016-8870 CVE-2016-8869