Description

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.

Remediation

References

CVE-2012-6563

Related Vulnerabilities

WordPress Plugin MobileChief-Mobile Site Builder Cross-Site Scripting (1.5.7)

WordPress Plugin Ad-minister Cross-Site Scripting (0.6)

WordPress Plugin Woocommerce CSV importer Arbitrary File Deletion (3.3.6)

WordPress Plugin Uploader Cross-Site Scripting and Arbitrary File Upload Vulnerabilities (1.0.4)

WordPress Other Vulnerability (CVE-2006-1263)

Severity

Medium

Classification

CVE-2012-6563 CWE-264

Tags

Missing Update Known Vulnerabilities