Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
References
Link | Resource |
---|---|
https://bugs.launchpad.net/mahara/+bug/1508684 | Issue Tracking Patch Third Party Advisory |
https://bugs.launchpad.net/mahara/+bug/1508684 | Issue Tracking Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 03:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugs.launchpad.net/mahara/+bug/1508684 - Issue Tracking, Patch, Third Party Advisory |
Information
Published : 2017-11-03 18:29
Updated : 2024-11-21 03:04
NVD link : CVE-2017-1000148
Mitre link : CVE-2017-1000148
CVE.ORG link : CVE-2017-1000148
JSON object : View
Products Affected
mahara
- mahara
CWE
CWE-502
Deserialization of Untrusted Data