Improper Clearing of Cached Access Lists in Elgg before 1.8.5

Improper Clearing of Cached Access Lists in Elgg before 1.8.5

CVE-2012-6563 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.