Description

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.

Remediation

References

CVE-2012-6563

Related Vulnerabilities

WordPress Plugin WordPress Books Gallery Cross-Site Request Forgery (4.4.8)

Joomla! Core 3.x.x Security Bypass (3.7.0 - 3.9.15)

Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-23969)

WordPress 4.5.x Possible SQL Injection Vulnerability (4.5 - 4.5.10)

Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170)

Severity

Medium

Classification

CVE-2012-6563 CWE-264

Tags

Missing Update Known Vulnerabilities