2013-05-23 15:00:00
mitre
PUBLISHED
engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.