Description

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.

Remediation

References

CVE-2012-6563

Related Vulnerabilities

Apache Tomcat Improper Access Control Vulnerability (CVE-2014-7810)

Oracle Database Server CVE-2015-0483 Vulnerability (CVE-2015-0483)

WordPress Plugin WordPress Infinite Scroll-Ajax Load More Cross-Site Scripting (5.6.0.2)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-15880)

WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (4.10.7)

Severity

Medium

Classification

CVE-2012-6563 CWE-264

Tags

Missing Update Known Vulnerabilities