Description
engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
Remediation
References
Related Vulnerabilities
WordPress Plugin Magic Post Voice Cross-Site Scripting (1.2)
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2018-17189)
WordPress Plugin xili-language Multiple Unspecified Vulnerabilities (2.17.0)
Oracle JRE CVE-2023-21954 Vulnerability (CVE-2023-21954)
WordPress Plugin WP Editor Multiple Vulnerabilities (1.2.5.3)