Filtered by vendor Mahara
Total: 13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33913 | 1 Mahara | 1 Mahara | 2023-08-08 | 4.3 MEDIUM | 7.5 HIGH |
| In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check. | |||||
| CVE-2022-29585 | 1 Mahara | 1 Mahara | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of). | |||||
| CVE-2022-28892 | 1 Mahara | 1 Mahara | 2022-05-04 | 6.8 MEDIUM | 8.8 HIGH |
| Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. | |||||
| CVE-2021-43266 | 1 Mahara | 1 Mahara | 2022-05-03 | 4.6 MEDIUM | 7.3 HIGH |
| In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additionally, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution | |||||
| CVE-2021-40848 | 1 Mahara | 1 Mahara | 2021-11-05 | 6.8 MEDIUM | 7.8 HIGH |
| In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection. | |||||
| CVE-2017-14163 | 1 Mahara | 1 Mahara | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the 'mahara' cookie to the old value, they can get access to the user's account. | |||||
| CVE-2017-1000134 | 1 Mahara | 1 Mahara | 2019-10-03 | 6.5 MEDIUM | 8.1 HIGH |
| Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them. | |||||
| CVE-2017-1000148 | 1 Mahara | 1 Mahara | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file. | |||||
| CVE-2018-11196 | 1 Mahara | 1 Mahara | 2018-07-03 | 5.0 MEDIUM | 7.5 HIGH |
| Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as a medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers. | |||||
| CVE-2017-1000139 | 1 Mahara | 1 Mahara | 2017-11-15 | 6.0 MEDIUM | 8.0 HIGH |
| Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues. | |||||
| CVE-2017-1000150 | 1 Mahara | 1 Mahara | 2017-11-13 | 6.5 MEDIUM | 8.8 HIGH |
| Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks. | |||||
| CVE-2017-1000151 | 1 Mahara | 1 Mahara | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log. | |||||
| CVE-2017-1000133 | 1 Mahara | 1 Mahara | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages. | |||||
