CVE-2012-6562

engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
elggelgg
𝑥
≤ 1.8.4
elggelgg
1.7.0
elggelgg
1.7.1
elggelgg
1.7.2
elggelgg
1.7.3
elggelgg
1.7.4
elggelgg
1.7.5
elggelgg
1.7.6
elggelgg
1.7.7
elggelgg
1.7.8
elggelgg
1.7.9
elggelgg
1.7.10
elggelgg
1.7.11
elggelgg
1.7.12
elggelgg
1.7.13
elggelgg
1.7.14
elggelgg
1.7.15
elggelgg
1.7.16
elggelgg
1.7.17
elggelgg
1.7.18
elggelgg
1.8.0.1
elggelgg
1.8.1
elggelgg
1.8.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released
http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip
http://secunia.com/advisories/49129
http://www.securityfocus.com/bid/53623
https://exchange.xforce.ibmcloud.com/vulnerabilities/75757
http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released
http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip
http://secunia.com/advisories/49129
http://www.securityfocus.com/bid/53623
https://exchange.xforce.ibmcloud.com/vulnerabilities/75757