Mahara

Mahara

108 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2013-4430

  • EPSS 0.33%
  • Veröffentlicht 19.05.2014 14:55:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php.

5.5

CVE-2013-4431

  • EPSS 0.62%
  • Veröffentlicht 19.05.2014 14:55:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request.

4

CVE-2013-4432

  • EPSS 0.19%
  • Veröffentlicht 19.05.2014 14:55:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were rem...

4.3

CVE-2012-6037

  • EPSS 0.3%
  • Veröffentlicht 24.11.2012 20:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are...

9.1

CVE-2012-2239

  • EPSS 0.35%
  • Veröffentlicht 24.11.2012 20:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.

4.3

CVE-2012-2243

  • EPSS 0.63%
  • Veröffentlicht 24.11.2012 20:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. NOTE: ...

6

CVE-2012-2244

  • EPSS 0.35%
  • Veröffentlicht 24.11.2012 20:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243.

6.8

CVE-2012-2246

  • EPSS 0.29%
  • Veröffentlicht 24.11.2012 20:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php.

4.3

CVE-2012-2247

  • EPSS 0.3%
  • Veröffentlicht 24.11.2012 20:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file.

4.3

CVE-2012-2253

  • EPSS 0.26%
  • Veröffentlicht 24.11.2012 20:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter.