CVE Vulnerabilities

CVE-2012-6562

Published: May 23, 2013 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.

Affected Software

Name Vendor Start Version End Version
Elgg Elgg 1.7.15 1.7.15
Elgg Elgg 1.7.8 1.7.8
Elgg Elgg 1.7.13 1.7.13
Elgg Elgg 1.7.7 1.7.7
Elgg Elgg 1.7.3 1.7.3
Elgg Elgg 1.8.3 1.8.3
Elgg Elgg 1.7.2 1.7.2
Elgg Elgg 1.7.6 1.7.6
Elgg Elgg 1.7.1 1.7.1
Elgg Elgg * 1.8.4
Elgg Elgg 1.7.17 1.7.17
Elgg Elgg 1.7.12 1.7.12
Elgg Elgg 1.7.9 1.7.9
Elgg Elgg 1.7.16 1.7.16
Elgg Elgg 1.7.18 1.7.18
Elgg Elgg 1.8.1 1.8.1
Elgg Elgg 1.7.14 1.7.14
Elgg Elgg 1.7.4 1.7.4
Elgg Elgg 1.7.10 1.7.10
Elgg Elgg 1.7.11 1.7.11
Elgg Elgg 1.8.0.1 1.8.0.1
Elgg Elgg 1.7.0 1.7.0
Elgg Elgg 1.7.5 1.7.5

References