Description

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.

Remediation

References

CVE-2012-6563

Related Vulnerabilities

WordPress Plugin Quick Post Widget Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.9.1)

WordPress Plugin DVS Custom Notification Multiple Cross-Site Request Forgery Vulnerabilities (1.0.1)

WordPress Plugin MasterStudy LMS-for Online Courses and Education Security Bypass (3.3.8)

Python Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-17522)

Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-5608)

Severity

Medium

Classification

CVE-2012-6563 CWE-264

Tags

Missing Update Known Vulnerabilities