Description

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.

Remediation

References

CVE-2012-6563

Related Vulnerabilities

WordPress Ultimate Member Plugin Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10270)

PostgreSQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2017-12172)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-5267)

WordPress Plugin ACF:Better Search Cross-Site Request Forgery (3.3.0)

WordPress Plugin Simple Dropbox Upload Arbitrary File Upload (1.8.8)

Severity

Medium

Classification

CVE-2012-6563 CWE-264

Tags

Missing Update Known Vulnerabilities