CVE-2012-6563

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
elggelgg
𝑥
≤ 1.8.4
elggelgg
1.7.0
elggelgg
1.7.1
elggelgg
1.7.2
elggelgg
1.7.3
elggelgg
1.7.4
elggelgg
1.7.5
elggelgg
1.7.6
elggelgg
1.7.7
elggelgg
1.7.8
elggelgg
1.7.9
elggelgg
1.7.10
elggelgg
1.7.11
elggelgg
1.7.12
elggelgg
1.7.13
elggelgg
1.7.14
elggelgg
1.7.15
elggelgg
1.7.16
elggelgg
1.7.17
elggelgg
1.7.18
elggelgg
1.8.0.1
elggelgg
1.8.1
elggelgg
1.8.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released
http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip
http://secunia.com/advisories/49129
http://www.securityfocus.com/bid/53623
https://exchange.xforce.ibmcloud.com/vulnerabilities/75757
http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released
http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip
http://secunia.com/advisories/49129
http://www.securityfocus.com/bid/53623
https://exchange.xforce.ibmcloud.com/vulnerabilities/75757