mahara -- sql injection vulnerability

ID 5053420C-4935-11DF-83FB-0015587E2CC1
Type freebsd
Reporter FreeBSD
Modified 2010-04-06T00:00:00


The Debian security team reports:

It was discovered that mahara, an electronic portfolio, weblog, and resume builder is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names.