Download
| Alert*
engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts. CVSS Score and Metrics +CVSS Score and Metrics -
|