AI Score
Confidence
High
EPSS
Percentile
59.8%
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
www.debian.org/security/2012/dsa-2591
bugs.launchpad.net/mahara/+bug/1047111
mahara.org/interaction/forum/topic.php?id=4869