CVE-2021-29349

Published: 31/03/2021 Updated: 07/04/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Mahara 20.10 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows a remote malicious user to remove inbox mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which removes all messages from a mailbox.

Vulnerable Product

mahara mahara 20.10

Github Repositories

CVE-2021-29349: CSRF to remove all messages in Mahara 20.10. Payload and credit: github.com/0xBaz