CVE-2012-6562

2013-05-2315:00:00

mitre

www.cve.org

AI Score

6.8

Confidence

High

EPSS

0.008

Percentile

81.9%

JSON

engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.

References

blog.elgg.org/pg/blog/evan/read/209/elgg-185-released

elgg.org/getelgg.php?forward=elgg-1.8.5.zip

secunia.com/advisories/49129

www.securityfocus.com/bid/53623

exchange.xforce.ibmcloud.com/vulnerabilities/75757