engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Elgg | Elgg | * | 1.8.4 (including) |
| Elgg | Elgg | 1.7.0 (including) | 1.7.0 (including) |
| Elgg | Elgg | 1.7.1 (including) | 1.7.1 (including) |
| Elgg | Elgg | 1.7.2 (including) | 1.7.2 (including) |
| Elgg | Elgg | 1.7.3 (including) | 1.7.3 (including) |
| Elgg | Elgg | 1.7.4 (including) | 1.7.4 (including) |
| Elgg | Elgg | 1.7.5 (including) | 1.7.5 (including) |
| Elgg | Elgg | 1.7.6 (including) | 1.7.6 (including) |
| Elgg | Elgg | 1.7.7 (including) | 1.7.7 (including) |
| Elgg | Elgg | 1.7.8 (including) | 1.7.8 (including) |
| Elgg | Elgg | 1.7.9 (including) | 1.7.9 (including) |
| Elgg | Elgg | 1.7.10 (including) | 1.7.10 (including) |
| Elgg | Elgg | 1.7.11 (including) | 1.7.11 (including) |
| Elgg | Elgg | 1.7.12 (including) | 1.7.12 (including) |
| Elgg | Elgg | 1.7.13 (including) | 1.7.13 (including) |
| Elgg | Elgg | 1.7.14 (including) | 1.7.14 (including) |
| Elgg | Elgg | 1.7.15 (including) | 1.7.15 (including) |
| Elgg | Elgg | 1.7.16 (including) | 1.7.16 (including) |
| Elgg | Elgg | 1.7.17 (including) | 1.7.17 (including) |
| Elgg | Elgg | 1.7.18 (including) | 1.7.18 (including) |
| Elgg | Elgg | 1.8.0.1 (including) | 1.8.0.1 (including) |
| Elgg | Elgg | 1.8.1 (including) | 1.8.1 (including) |
| Elgg | Elgg | 1.8.3 (including) | 1.8.3 (including) |