Vulmon
mahara mahara vulnerabilities and exploits
4
CVSSv2
CVE-2020-9282
In Mahara 18.10 prior to 18.10.5, 19.04 prior to 19.04.4, and 19.10 prior to 19.10.2, certain personal information is discoverable by inspecting network responses on the 'Edit access' screen when sharing portfolios.
Mahara Mahara
4
CVSSv2
CVE-2020-9386
In Mahara 18.10 prior to 18.10.5, 19.04 prior to 19.04.4, and 19.10 prior to 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Mahara Mahara
6.4
CVSSv2
CVE-2017-1000141
An issue exists in Mahara prior to 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their passw...
Mahara Mahara
4
CVSSv2
CVE-2019-9708
An issue exists in Mahara 17.10 prior to 17.10.8, 18.04 prior to 18.04.4, and 18.10 prior to 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.
Mahara Mahara
4.3
CVSSv2
CVE-2021-29349
Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote malicious user to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_d...
Mahara Mahara 20.10
1 Github repository
7.5
CVSSv2
CVE-2010-0400
SQL injection vulnerability in lib/user.php in Mahara 1.0.4 allows remote malicious users to execute arbitrary SQL commands via a username.
Mahara Mahara 1.0.4
5
CVSSv2
CVE-2017-1000171
Mahara Mobile prior to 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.
Mahara Mahara Mobile
6.4
CVSSv2
CVE-2012-2239
Mahara 1.4.x prior to 1.4.4 and 1.5.x prior to 1.5.3 allows remote malicious users to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
Mahara Mahara
Debian Debian Linux 6.0
4.3
CVSSv2
CVE-2012-2237
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x prior to 1.4.3 and 1.5.x prior to 1.5.2 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) JavaScript innerHTML as used when generating login forms, (2) links or (3) re...
Mahara Mahara
Debian Debian Linux 6.0
1 EDB exploit
3.5
CVSSv2
CVE-2020-23052
Catalyst IT Ltd Mahara CMS v19.10.2 contains multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.
Catalyst Mahara 19.10.2