mahara mahara vulnerabilities and exploits
6.5
CVSSv3
CVE-2017-1000141
An issue exists in Mahara prior to 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their passw...
Mahara Mahara
7.3
CVSSv3
CVE-2021-43266
In Mahara prior to 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additionally, in Mahara prior to 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cau...
Mahara Mahara
6.1
CVSSv3
CVE-2018-6182
Mahara 16.10 prior to 16.10.9 and 17.04 prior to 17.04.7 and 17.10 prior to 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE's code stripping alone but also clean input on the server / PHP side as one...
Mahara Mahara
6.1
CVSSv3
CVE-2013-1426
Cross-site Scripting (XSS) in Mahara prior to 1.5.9 and 1.6.x prior to 1.6.4 allows remote malicious users to inject arbitrary web script or HTML via the TinyMCE editor.
Mahara Mahara
NA
CVE-2010-0400
SQL injection vulnerability in lib/user.php in Mahara 1.0.4 allows remote malicious users to execute arbitrary SQL commands via a username.
Mahara Mahara 1.0.4
6.5
CVSSv3
CVE-2021-29349
Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote malicious user to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_d...
Mahara Mahara 20.10
1 Github repository
9.8
CVSSv3
CVE-2017-1000171
Mahara Mobile prior to 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.
Mahara Mahara Mobile
6.1
CVSSv3
CVE-2012-2237
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x prior to 1.4.3 and 1.5.x prior to 1.5.2 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) re...
Mahara Mahara
Debian Debian Linux 6.0
1 EDB exploit
9.1
CVSSv3
CVE-2012-2239
Mahara 1.4.x prior to 1.4.4 and 1.5.x prior to 1.5.3 allows remote malicious users to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
Mahara Mahara
Debian Debian Linux 6.0
5.4
CVSSv3
CVE-2020-23052
Catalyst IT Ltd Mahara CMS v19.10.2 contains multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.
Catalyst Mahara 19.10.2