CVE Vulnerabilities

CVE-2012-6563

Published: May 23, 2013 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.

Affected Software

Name Vendor Start Version End Version
Elgg Elgg * 1.8.4 (including)
Elgg Elgg 1.7.0 (including) 1.7.0 (including)
Elgg Elgg 1.7.1 (including) 1.7.1 (including)
Elgg Elgg 1.7.2 (including) 1.7.2 (including)
Elgg Elgg 1.7.3 (including) 1.7.3 (including)
Elgg Elgg 1.7.4 (including) 1.7.4 (including)
Elgg Elgg 1.7.5 (including) 1.7.5 (including)
Elgg Elgg 1.7.6 (including) 1.7.6 (including)
Elgg Elgg 1.7.7 (including) 1.7.7 (including)
Elgg Elgg 1.7.8 (including) 1.7.8 (including)
Elgg Elgg 1.7.9 (including) 1.7.9 (including)
Elgg Elgg 1.7.10 (including) 1.7.10 (including)
Elgg Elgg 1.7.11 (including) 1.7.11 (including)
Elgg Elgg 1.7.12 (including) 1.7.12 (including)
Elgg Elgg 1.7.13 (including) 1.7.13 (including)
Elgg Elgg 1.7.14 (including) 1.7.14 (including)
Elgg Elgg 1.7.15 (including) 1.7.15 (including)
Elgg Elgg 1.7.16 (including) 1.7.16 (including)
Elgg Elgg 1.7.17 (including) 1.7.17 (including)
Elgg Elgg 1.7.18 (including) 1.7.18 (including)
Elgg Elgg 1.8.0.1 (including) 1.8.0.1 (including)
Elgg Elgg 1.8.1 (including) 1.8.1 (including)
Elgg Elgg 1.8.3 (including) 1.8.3 (including)

References