Retrospective: Joomla accounts modification and other disasters.

Hi, guys!

Today I want to tell you about the recent Joomla vulnerabilities. The issues I want to talk about are
I guess you already know about the first three CVEs, because Joomla is a very popular CMS around the world and these problems were found a few months ago. But I have some words to say about the exploitation and the bug itself.
Let's start with the quick bug details.
There are two methods for user registration: UsersControllerRegistration and UsersControllerUser. You can find them in /components/com_users/controllers/registration.php:108 and /components/com_users/controllers/user.php:293. The first method is the legitimate one and is used by Joomla itself for user registration. The second is not called from anywhere, but we can call it with a custom request to the server. To build such a request, take a real registration POST request, change the task parameter from registration.register to user.register, and use the user array instead of jform.
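Since the only visible differences between a legitimate registration and the call to the unused controller are the task value and the form array name, a defender can flag them from request logs. The example below is added here and is not code from the post or from Joomla; it assumes (as Joomla's request input does) that the task may arrive in the query string or in the form body, and the requests are constructed samples.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample requests (method, URL, form body); not real traffic.
SAMPLE_REQUESTS = [
    ("POST", "/index.php/component/users/?task=registration.register",
     "jform[name]=alice&jform[username]=alice&jform[email1]=a@example.org"),
    ("POST", "/index.php?option=com_users&task=user.register",
     "user[name]=eve&user[username]=eve&user[email1]=e@example.org"),
    ("POST", "/index.php?option=com_users",
     "task=user.register&user[name]=eve&user[username]=eve"),
    ("GET", "/index.php?option=com_users&view=registration", ""),
]

LEGITIMATE_TASK = "registration.register"
SUSPECT_TASK = "user.register"   # task handled by UsersControllerUser


def merged_params(url, body):
    """Merge query-string and form-body parameters into one dict.

    Assumption: like Joomla's request input, 'task' can be supplied either way,
    so a detector must look at both places."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    return params


def classify_request(method, url, body):
    """Return a verdict for one request to the users component."""
    params = merged_params(url, body)
    task = params.get("task", [""])[0]
    if task == SUSPECT_TASK:
        return "suspect-task"          # direct call to the unused controller
    if task == LEGITIMATE_TASK and any(k.startswith("user[") for k in params):
        return "suspect-array"         # legit task, but wrong form array
    if task == LEGITIMATE_TASK:
        return "registration"
    return "other"


def scan(requests):
    """Indices of requests worth an alert."""
    return [i for i, r in enumerate(requests)
            if classify_request(*r).startswith("suspect")]


if __name__ == "__main__":
    for i, req in enumerate(SAMPLE_REQUESTS):
        print(i, classify_request(*req))
```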
