mahara vulnerabilities and exploits
NA
CVE-2008-0381
Unspecified vulnerability in Mahara prior to 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files.
Mahara Mahara
3.3
CVSSv3
CVE-2021-43264
In Mahara prior to 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows malicious users to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character.
Mahara Mahara
5.4
CVSSv3
CVE-2021-43265
In Mahara prior to 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element.
Mahara Mahara
4.3
CVSSv3
CVE-2020-9386
In Mahara 18.10 prior to 18.10.5, 19.04 prior to 19.04.4, and 19.10 prior to 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Mahara Mahara
NA
CVE-2010-0400
SQL injection vulnerability in lib/user.php in Mahara 1.0.4 allows remote malicious users to execute arbitrary SQL commands via a username.
Mahara Mahara 1.0.4
9.8
CVSSv3
CVE-2017-1000171
Mahara Mobile prior to 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.
Mahara Mahara Mobile
6.5
CVSSv3
CVE-2021-29349
Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote malicious user to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_d...
Mahara Mahara 20.10
1 GitHub repository
6.1
CVSSv3
CVE-2012-2237
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x prior to 1.4.3 and 1.5.x prior to 1.5.2 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) re...
Mahara Mahara
Debian Debian Linux 6.0
1 EDB exploit
9.1
CVSSv3
CVE-2012-2239
Mahara 1.4.x prior to 1.4.4 and 1.5.x prior to 1.5.3 allows remote malicious users to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
Mahara Mahara
Debian Debian Linux 6.0
5.4
CVSSv3
CVE-2020-23052
Catalyst IT Ltd Mahara CMS v19.10.2 contains multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.
Catalyst Mahara 19.10.2