Description
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.
Remediation
References
Related Vulnerabilities
Moodle CVE-2011-4291 Vulnerability (CVE-2011-4291)
MongoDb CVE-2017-15535 Vulnerability (CVE-2017-15535)
WordPress Plugin Video Chat Multiple Cross-Site Scripting Vulnerabilities (1.4.1)
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2020-36326)
WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)