Mahara Mahara vulnerabilities and exploits
6.8
CVSSv2
CVE-2021-40848
In Mahara prior to 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection.
Mahara Mahara 21.10.0
Mahara Mahara
6.8
CVSSv2
CVE-2011-3642
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 up to and including 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote malicious users to inject arbitrary web script or HTML via the plugin configuration directive in a refere...
Flowplayer Flowplayer Flash
1 EDB exploit
6.8
CVSSv2
CVE-2012-2246
Mahara 1.4.x prior to 1.4.5 and 1.5.x prior to 1.5.4 allows remote malicious users to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php.
Mahara Mahara 1.4
Mahara Mahara 1.4.0
Mahara Mahara 1.4.2
Mahara Mahara 1.4.4
Mahara Mahara 1.4.3
Mahara Mahara 1.4.1
Mahara Mahara 1.5
Mahara Mahara 1.5.2
Mahara Mahara 1.5.3
Mahara Mahara 1.5.0
Mahara Mahara 1.5.1
6.8
CVSSv2
CVE-2011-2773
Cross-site request forgery (CSRF) vulnerability in Mahara prior to 1.4.1 allows remote malicious users to hijack the authentication of administrators for requests that add a user to an institution.
Mahara Mahara 1.1.0
Mahara Mahara 1.1.6
Mahara Mahara 1.2.0
Mahara Mahara 0.9.1
Mahara Mahara 1.1.2
Mahara Mahara 1.2.3
Mahara Mahara 1.0.4
Mahara Mahara 1.1.7
Mahara Mahara 1.2.1
Mahara Mahara 1.3.2
Mahara Mahara 0.9.2
Mahara Mahara 1.4
Mahara Mahara 1.0.1
Mahara Mahara 1.0.8
Mahara Mahara 1.0.12
Mahara Mahara 1.0.15
Mahara Mahara 1.0.6
Mahara Mahara 1.3.0
Mahara Mahara 1.0.9
Mahara Mahara 1.1.9
Mahara Mahara 1.0.5
Mahara Mahara 1.1
6.8
CVSSv2
CVE-2011-1403
Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara prior to 1.3.6 allows remote malicious users to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys.
Mahara Mahara 1.1.0
Mahara Mahara 1.1.6
Mahara Mahara 1.2.0
Mahara Mahara 0.9.1
Mahara Mahara 1.1.2
Mahara Mahara 1.2.3
Mahara Mahara 1.0.4
Mahara Mahara 1.1.7
Mahara Mahara 1.2.1
Mahara Mahara 1.3.2
Mahara Mahara 0.9.2
Mahara Mahara 1.0.1
Mahara Mahara 1.0.8
Mahara Mahara 1.0.12
Mahara Mahara 1.0.15
Mahara Mahara 1.0.6
Mahara Mahara 1.3.0
Mahara Mahara 1.0.9
Mahara Mahara 1.1.9
Mahara Mahara
Mahara Mahara 1.0.5
Mahara Mahara 1.1
6.8
CVSSv2
CVE-2010-1668
Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara prior to 1.0.15, 1.1.x prior to 1.1.9, and 1.2.x prior to 1.2.5 allow remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Mahara Mahara 0.9.1
Mahara Mahara 1.0.4
Mahara Mahara 0.9.2
Mahara Mahara 1.0.1
Mahara Mahara 1.0.8
Mahara Mahara 1.0.12
Mahara Mahara 1.0.6
Mahara Mahara 1.0.9
Mahara Mahara 1.0.5
Mahara Mahara
Mahara Mahara 1.0.2
Mahara Mahara 1.0.3
Mahara Mahara 1.0.13
Mahara Mahara 1.0.10
Mahara Mahara 1.0.7
Mahara Mahara 1.0.0
Mahara Mahara 1.0.11
Mahara Mahara 0.9.0
Mahara Mahara 1.1.0
Mahara Mahara 1.1.6
Mahara Mahara 1.1.2
Mahara Mahara 1.1.7
6.5
CVSSv2
CVE-2017-1000148
Mahara 15.04 prior to 15.04.8 and 15.10 prior to 15.10.4 and 16.04 prior to 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
Mahara Mahara 15.04
Mahara Mahara 15.04.7
Mahara Mahara 15.04.6
Mahara Mahara 15.04.5
Mahara Mahara 15.04.4
Mahara Mahara 15.04.3
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
Mahara Mahara 16.04
Mahara Mahara 16.04.0
Mahara Mahara 16.04.1
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.3
6.5
CVSSv2
CVE-2017-1000134
Mahara 1.8 prior to 1.8.6 and 1.9 prior to 1.9.4 and 1.10 prior to 1.10.1 and 15.04 prior to 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
Mahara Mahara 1.8.1
Mahara Mahara 1.8.2
Mahara Mahara 1.8.3
Mahara Mahara 1.8.4
Mahara Mahara 1.8.5
Mahara Mahara 1.8.0
Mahara Mahara 1.8
Mahara Mahara 1.9.1
Mahara Mahara 1.9.2
Mahara Mahara 1.9.3
Mahara Mahara 1.9.0
Mahara Mahara 1.9
Mahara Mahara 1.10.0
Mahara Mahara 1.10
Mahara Mahara 15.04
6.5
CVSSv2
CVE-2017-1000150
Mahara 15.04 prior to 15.04.7 and 15.10 prior to 15.10.3 are vulnerable in that session IDs are not regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.
Mahara Mahara 15.04
Mahara Mahara 15.04.6
Mahara Mahara 15.04.5
Mahara Mahara 15.04.4
Mahara Mahara 15.04.3
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
6.5
CVSSv2
CVE-2017-14163
An issue exists in Mahara prior to 15.04.14, 16.x prior to 16.04.8, 16.10.x prior to 16.10.5, and 17.x prior to 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Maha...
Mahara Mahara 15.04
Mahara Mahara 15.04.13
Mahara Mahara 15.04.12
Mahara Mahara 15.04.11
Mahara Mahara 15.04.10
Mahara Mahara 15.04.9
Mahara Mahara 15.04.8
Mahara Mahara 15.04.7
Mahara Mahara 15.04.6
Mahara Mahara 15.04.5
Mahara Mahara 15.04.4
Mahara Mahara 15.04.3
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
Mahara Mahara 16.04
Mahara Mahara 16.04.0
Mahara Mahara 16.04.1
Mahara Mahara 16.04.2
Mahara Mahara 16.04.3
Mahara Mahara 16.04.4
Mahara Mahara 16.04.5