Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mahara mahara 15.04.4 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2017-1000152
Mahara 15.04 prior to 15.04.7 and 15.10 prior to 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged ...
Mahara Mahara 15.04
Mahara Mahara 15.04.0
Mahara Mahara 15.04.5
Mahara Mahara 15.04.1
Mahara Mahara 15.04.2
Mahara Mahara 15.04.3
Mahara Mahara 15.04.4
Mahara Mahara 15.04.6
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.0
668
VMScore
CVE-2017-1000153
Mahara 15.04 prior to 15.04.10 and 15.10 prior to 15.10.6 and 16.04 prior to 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email ...
Mahara Mahara 15.04
Mahara Mahara 15.04.5
Mahara Mahara 15.04.7
Mahara Mahara 15.04.8
Mahara Mahara 15.04.9
Mahara Mahara 15.04.0
Mahara Mahara 15.04.1
Mahara Mahara 15.04.2
Mahara Mahara 15.04.3
Mahara Mahara 15.04.4
Mahara Mahara 15.04.6
Mahara Mahara 16.04
Mahara Mahara 16.04.1
Mahara Mahara 16.04.3
Mahara Mahara 16.04.0
Mahara Mahara 16.04.2
Mahara Mahara 15.10.3
Mahara Mahara 15.10.5
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.4
668
VMScore
CVE-2017-1000154
Mahara 15.04 prior to 15.04.8 and 15.10 prior to 15.10.4 and 16.04 prior to 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended.
Mahara Mahara 15.04.1
Mahara Mahara 15.04.3
Mahara Mahara 15.04
Mahara Mahara 15.04.4
Mahara Mahara 15.04.5
Mahara Mahara 15.04.6
Mahara Mahara 15.04.7
Mahara Mahara 15.04.0
Mahara Mahara 15.04.2
Mahara Mahara 16.04
Mahara Mahara 16.04.1
Mahara Mahara 16.04.0
Mahara Mahara 15.10.3
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
578
VMScore
CVE-2017-1000148
Mahara 15.04 prior to 15.04.8 and 15.10 prior to 15.10.4 and 16.04 prior to 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
Mahara Mahara 15.04.2
Mahara Mahara 15.04.3
Mahara Mahara 15.04.4
Mahara Mahara 15.04.5
Mahara Mahara 15.04
Mahara Mahara 15.04.1
Mahara Mahara 15.04.6
Mahara Mahara 15.04.0
Mahara Mahara 15.04.7
Mahara Mahara 16.04
Mahara Mahara 16.04.0
Mahara Mahara 16.04.1
Mahara Mahara 15.10.1
Mahara Mahara 15.10.3
Mahara Mahara 15.10.0
Mahara Mahara 15.10.2
578
VMScore
CVE-2017-1000150
Mahara 15.04 prior to 15.04.7 and 15.10 prior to 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.
Mahara Mahara 15.04.4
Mahara Mahara 15.04
Mahara Mahara 15.04.0
Mahara Mahara 15.04.1
Mahara Mahara 15.04.2
Mahara Mahara 15.04.6
Mahara Mahara 15.04.3
Mahara Mahara 15.04.5
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
578
VMScore
CVE-2017-14163
An issue exists in Mahara prior to 15.04.14, 16.x prior to 16.04.8, 16.10.x prior to 16.10.5, and 17.x prior to 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Maha...
Mahara Mahara 15.04.6
Mahara Mahara 15.04.7
Mahara Mahara 15.04.8
Mahara Mahara 15.04.9
Mahara Mahara 15.04.2
Mahara Mahara 15.04.4
Mahara Mahara 15.04.11
Mahara Mahara 15.04.13
Mahara Mahara 15.04
Mahara Mahara 15.04.0
Mahara Mahara 15.04.1
Mahara Mahara 15.04.3
Mahara Mahara 15.04.5
Mahara Mahara 15.04.10
Mahara Mahara 15.04.12
Mahara Mahara 16.04.5
Mahara Mahara 16.04.6
Mahara Mahara 16.04.7
Mahara Mahara 16.04.1
Mahara Mahara 16.04.3
Mahara Mahara 16.04
Mahara Mahara 16.04.0
490
VMScore
CVE-2017-1000156
Mahara 15.04 prior to 15.04.9 and 15.10 prior to 15.10.5 and 16.04 prior to 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.
Mahara Mahara 15.04
Mahara Mahara 15.04.3
Mahara Mahara 15.04.5
Mahara Mahara 15.04.7
Mahara Mahara 15.04.8
Mahara Mahara 15.04.0
Mahara Mahara 15.04.1
Mahara Mahara 15.04.2
Mahara Mahara 15.04.4
Mahara Mahara 15.04.6
Mahara Mahara 16.04.0
Mahara Mahara 16.04.2
Mahara Mahara 16.04
Mahara Mahara 16.04.1
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.3
Mahara Mahara 15.10.4
445
VMScore
CVE-2017-1000133
Mahara 15.04 prior to 15.04.8 and 15.10 prior to 15.10.4 and 16.04 prior to 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages.
Mahara Mahara 15.04.0
Mahara Mahara 15.04.2
Mahara Mahara 15.04.3
Mahara Mahara 15.04.4
Mahara Mahara 15.04.5
Mahara Mahara 15.04.6
Mahara Mahara 15.04.7
Mahara Mahara 15.04
Mahara Mahara 15.04.1
Mahara Mahara 16.04
Mahara Mahara 16.04.0
Mahara Mahara 16.04.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.3
445
VMScore
CVE-2017-1000151
Mahara 15.04 prior to 15.04.9 and 15.10 prior to 15.10.5 and 16.04 prior to 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.
Mahara Mahara 15.04.3
Mahara Mahara 15.04.5
Mahara Mahara 15.04.6
Mahara Mahara 15.04.7
Mahara Mahara 15.04.8
Mahara Mahara 15.04
Mahara Mahara 15.04.0
Mahara Mahara 15.04.1
Mahara Mahara 15.04.2
Mahara Mahara 15.04.4
Mahara Mahara 16.04
Mahara Mahara 16.04.0
Mahara Mahara 16.04.2
Mahara Mahara 16.04.1
Mahara Mahara 15.10.3
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.4
383
VMScore
CVE-2017-9551
Mahara 15.04 prior to 15.04.14 and 16.04 prior to 16.04.8 and 16.10 prior to 16.10.5 and 17.04 prior to 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to ...
Mahara Mahara 15.04.10
Mahara Mahara 15.04.9
Mahara Mahara 15.04.8
Mahara Mahara 15.04.7
Mahara Mahara 15.04
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
Mahara Mahara 15.04.12
Mahara Mahara 15.04.5
Mahara Mahara 15.04.3
Mahara Mahara 15.04.13
Mahara Mahara 15.04.11
Mahara Mahara 15.04.6
Mahara Mahara 15.04.4
Mahara Mahara 16.04.2
Mahara Mahara 16.04.3
Mahara Mahara 16.04.4
Mahara Mahara 16.04.5
Mahara Mahara 16.04.6
Mahara Mahara 16.04
Mahara Mahara 16.04.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »