Description
Joomla! 1.6.x/1.7.x/2.5.0-2.5.2 suffers from a privilege escalation vulnerability that allows users to be registered into any group not having 'core.admin' privileges.
Remediation
Joomla! versions 1.0.x, 1.5.x, and 2.5.3+ are not vulnerable. No patch has been issued for 1.6.x or 1.7.x and users of these versions are strongly urged to upgrade to 2.5.3 immediately.
References
Related Vulnerabilities
WordPress Plugin User Self Delete SQL Injection (1.1)
WordPress Plugin FireStorm Shopping Cart eCommerce SQL Injection (2.07.02)
WordPress Plugin Search Everything SQL Injection (7.0.2)
WordPress Plugin ND Shortcodes For Visual Composer Security Bypass (5.8)
WordPress Plugin WP Data Access Privilege Escalation (5.3.7)