Description
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.
Remediation
References