6.5

CVE-2011-1402

Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MaharaMahara Version <= 1.3.5
MaharaMahara Version0.9.0
MaharaMahara Version0.9.1
MaharaMahara Version0.9.2
MaharaMahara Version1.0.0
MaharaMahara Version1.0.1
MaharaMahara Version1.0.2
MaharaMahara Version1.0.3
MaharaMahara Version1.0.4
MaharaMahara Version1.0.5
MaharaMahara Version1.0.6
MaharaMahara Version1.0.7
MaharaMahara Version1.0.8
MaharaMahara Version1.0.9
MaharaMahara Version1.0.10
MaharaMahara Version1.0.11
MaharaMahara Version1.0.12
MaharaMahara Version1.0.13
MaharaMahara Version1.0.14
MaharaMahara Version1.0.15
MaharaMahara Version1.1
MaharaMahara Version1.1.0
MaharaMahara Version1.1.0 Updatealpha1
MaharaMahara Version1.1.0 Updatealpha2
MaharaMahara Version1.1.0 Updatealpha3
MaharaMahara Version1.1.0 Updatebeta1
MaharaMahara Version1.1.0 Updatebeta2
MaharaMahara Version1.1.0 Updatebeta3
MaharaMahara Version1.1.0 Updatebeta4
MaharaMahara Version1.1.0 Updaterc1
MaharaMahara Version1.1.0 Updaterc2
MaharaMahara Version1.1.1
MaharaMahara Version1.1.2
MaharaMahara Version1.1.3
MaharaMahara Version1.1.4
MaharaMahara Version1.1.5
MaharaMahara Version1.1.6
MaharaMahara Version1.1.7
MaharaMahara Version1.1.8
MaharaMahara Version1.1.9
MaharaMahara Version1.2.0
MaharaMahara Version1.2.0 Updatealpha1
MaharaMahara Version1.2.0 Updatealpha2
MaharaMahara Version1.2.0 Updatealpha3
MaharaMahara Version1.2.0 Updatebeta1
MaharaMahara Version1.2.0 Updatebeta2
MaharaMahara Version1.2.0 Updatebeta3
MaharaMahara Version1.2.0 Updatebeta4
MaharaMahara Version1.2.0 Updaterc1
MaharaMahara Version1.2.1
MaharaMahara Version1.2.2
MaharaMahara Version1.2.3
MaharaMahara Version1.2.4
MaharaMahara Version1.2.5
MaharaMahara Version1.2.6
MaharaMahara Version1.3.0
MaharaMahara Version1.3.0 Updatebeta1
MaharaMahara Version1.3.0 Updatebeta2
MaharaMahara Version1.3.0 Updatebeta3
MaharaMahara Version1.3.0 Updatebeta4
MaharaMahara Version1.3.0 Updaterc1
MaharaMahara Version1.3.1
MaharaMahara Version1.3.2
MaharaMahara Version1.3.3
MaharaMahara Version1.3.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.53% 0.828
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/44433
Vendor Advisory
http://www.debian.org/security/2011/dsa-2246
http://www.securityfocus.com/bid/47798
https://exchange.xforce.ibmcloud.com/vulnerabilities/67396
https://exchange.xforce.ibmcloud.com/vulnerabilities/67397
https://launchpad.net/mahara/+bug/746182
Patch
https://launchpad.net/mahara/+bug/771592
Patch
https://launchpad.net/mahara/+bug/771614
Patch
https://launchpad.net/mahara/+bug/771623
Patch
https://launchpad.net/mahara/+bug/771637
Patch
https://launchpad.net/mahara/+bug/771644
Patch
https://launchpad.net/mahara/+bug/771653
Patch
https://launchpad.net/mahara/+bug/772140
Patch
https://launchpad.net/mahara/+milestone/1.3.6
Patch