Mahara 1.4.x prior to 1.4.4 and 1.5.x prior to 1.5.3 allows remote malicious users to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mahara mahara |
||
debian debian linux 6.0 |