Vulnerabilities > Joomla > Joomla > 2.5.28

DATE CVE VULNERABILITY TITLE RISK
2016-11-04 CVE-2016-8870 Improper Input Validation vulnerability in Joomla Joomla!
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
network
high complexity
joomla CWE-20
8.1
8.1
2016-11-04 CVE-2016-8869 Improper Input Validation vulnerability in Joomla Joomla!
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
network
low complexity
joomla CWE-20
critical
 9.8
9.8
2015-12-16 CVE-2015-8562 Improper Input Validation vulnerability in Joomla Joomla!
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
network
low complexity
joomla CWE-20
7.5
7.5