CVE-2012-2239

2012-11-24T15:55:02
ID CVE-2012-2239
Type cve
Reporter NVD
Modified 2013-02-07T23:50:03

Description

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.