Description
engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
Remediation
References
Related Vulnerabilities
WordPress Plugin Filedownload Multiple Vulnerabilities (1.4)
WordPress Plugin Ultimate Addons for Beaver Builder Security Bypass (1.24.0)
WordPress Plugin LayerSlider Responsive WordPress Slider Multiple Vulnerabilities (6.2.0)
Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9517)
WordPress Plugin Live Comment Preview Cross-Site Scripting (2.0.2)