engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Elgg | Elgg | 1.7.15 | 1.7.15 |
Elgg | Elgg | 1.7.8 | 1.7.8 |
Elgg | Elgg | 1.7.13 | 1.7.13 |
Elgg | Elgg | 1.7.7 | 1.7.7 |
Elgg | Elgg | 1.7.3 | 1.7.3 |
Elgg | Elgg | 1.8.3 | 1.8.3 |
Elgg | Elgg | 1.7.2 | 1.7.2 |
Elgg | Elgg | 1.7.6 | 1.7.6 |
Elgg | Elgg | 1.7.1 | 1.7.1 |
Elgg | Elgg | * | 1.8.4 |
Elgg | Elgg | 1.7.17 | 1.7.17 |
Elgg | Elgg | 1.7.12 | 1.7.12 |
Elgg | Elgg | 1.7.9 | 1.7.9 |
Elgg | Elgg | 1.7.16 | 1.7.16 |
Elgg | Elgg | 1.7.18 | 1.7.18 |
Elgg | Elgg | 1.8.1 | 1.8.1 |
Elgg | Elgg | 1.7.14 | 1.7.14 |
Elgg | Elgg | 1.7.4 | 1.7.4 |
Elgg | Elgg | 1.7.10 | 1.7.10 |
Elgg | Elgg | 1.7.11 | 1.7.11 |
Elgg | Elgg | 1.8.0.1 | 1.8.0.1 |
Elgg | Elgg | 1.7.0 | 1.7.0 |
Elgg | Elgg | 1.7.5 | 1.7.5 |