Description
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Books Gallery Cross-Site Request Forgery (4.4.8)
Joomla! Core 3.x.x Security Bypass (3.7.0 - 3.9.15)
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-23969)
WordPress 4.5.x Possible SQL Injection Vulnerability (4.5 - 4.5.10)
Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170)