mahara mahara vulnerabilities and exploits
CVE-2017-1000150 (CVSSv3 score: 8.8)
Mahara 15.04 prior to 15.04.7 and 15.10 prior to 15.10.3 are vulnerable because session IDs are not regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.
Mahara Mahara 15.04.4
Mahara Mahara 15.04
Mahara Mahara 15.04.0
Mahara Mahara 15.04.1
Mahara Mahara 15.04.2
Mahara Mahara 15.04.6
Mahara Mahara 15.04.3
Mahara Mahara 15.04.5
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
CVE-2017-14163 (CVSSv3 score: 8.8)
An issue exists in Mahara prior to 15.04.14, 16.x prior to 16.04.8, 16.10.x prior to 16.10.5, and 17.x prior to 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Maha...
Mahara Mahara 15.04.6
Mahara Mahara 15.04.7
Mahara Mahara 15.04.8
Mahara Mahara 15.04.9
Mahara Mahara 15.04.2
Mahara Mahara 15.04.4
Mahara Mahara 15.04.11
Mahara Mahara 15.04.13
Mahara Mahara 15.04
Mahara Mahara 15.04.0
Mahara Mahara 15.04.1
Mahara Mahara 15.04.3
Mahara Mahara 15.04.5
Mahara Mahara 15.04.10
Mahara Mahara 15.04.12
Mahara Mahara 16.04.5
Mahara Mahara 16.04.6
Mahara Mahara 16.04.7
Mahara Mahara 16.04.1
Mahara Mahara 16.04.3
Mahara Mahara 16.04
Mahara Mahara 16.04.0
CVE-2017-1000134 (CVSSv3 score: 8.1)
Mahara 1.8 prior to 1.8.6 and 1.9 prior to 1.9.4 and 1.10 prior to 1.10.1 and 15.04 prior to 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
Mahara Mahara 1.8.1
Mahara Mahara 1.8.2
Mahara Mahara 1.8.3
Mahara Mahara 1.8.4
Mahara Mahara 1.8.5
Mahara Mahara 1.8
Mahara Mahara 1.8.0
Mahara Mahara 1.9
Mahara Mahara 1.9.1
Mahara Mahara 1.9.2
Mahara Mahara 1.9.3
Mahara Mahara 1.9.0
Mahara Mahara 1.10
Mahara Mahara 1.10.0
Mahara Mahara 15.04
CVE-2017-1000139 (CVSSv3 score: 8)
Mahara 1.8 prior to 1.8.7 and 1.9 prior to 1.9.5 and 1.10 prior to 1.10.3 and 15.04 prior to 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues.
Mahara Mahara 1.8
Mahara Mahara 1.8.6
Mahara Mahara 1.8.1
Mahara Mahara 1.8.2
Mahara Mahara 1.8.4
Mahara Mahara 1.8.0
Mahara Mahara 1.8.3
Mahara Mahara 1.8.5
Mahara Mahara 1.9
Mahara Mahara 1.9.4
Mahara Mahara 1.9.1
Mahara Mahara 1.9.3
Mahara Mahara 1.9.2
Mahara Mahara 1.9.0
Mahara Mahara 1.10.1
Mahara Mahara 1.10.2
Mahara Mahara 1.10.0
Mahara Mahara 1.10
Mahara Mahara 15.04
CVE-2021-40848 (CVSSv3 score: 7.8)
In Mahara prior to 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection.
Mahara Mahara
Mahara Mahara 21.10.0
CVE-2022-42707 (CVSSv3 score: 7.5)
In Mahara 21.04 prior to 21.04.7, 21.10 prior to 21.10.5, 22.04 prior to 22.04.3, and 22.10 prior to 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.
Mahara Mahara 22.10.0
Mahara Mahara
CVE-2022-33913 (CVSSv3 score: 7.5)
In Mahara 21.04 prior to 21.04.6, 21.10 prior to 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.
Mahara Mahara 22.04.2
Mahara Mahara
CVE-2022-29585 (CVSSv3 score: 7.5)
In Mahara prior to 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of)...
Mahara Mahara 22.04.0
Mahara Mahara
CVE-2018-11196 (CVSSv3 score: 7.5)
Mahara 17.04 prior to 17.04.8 and 17.10 prior to 17.10.5 and 18.04 prior to 18.04.1 can be used as a medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) do...
Mahara Mahara
Mahara Mahara 18.04.0
CVE-2017-1000133 (CVSSv3 score: 7.5)
Mahara 15.04 prior to 15.04.8 and 15.10 prior to 15.10.4 and 16.04 prior to 16.04.2 are vulnerable to a user, in some circumstances, causing another user's artefacts to be included in a Leap2A export of their own pages.
Mahara Mahara 15.04.0
Mahara Mahara 15.04.2
Mahara Mahara 15.04.3
Mahara Mahara 15.04.4
Mahara Mahara 15.04.5
Mahara Mahara 15.04.6
Mahara Mahara 15.04.7
Mahara Mahara 15.04
Mahara Mahara 15.04.1
Mahara Mahara 16.04
Mahara Mahara 16.04.0
Mahara Mahara 16.04.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.3