Mahara Multiple Remote Vulnerabilities. Upgrade to version 1.3.6 or newer to fix multiple remote vulnerabilities in Mahara application
Reporter | Title | Published | Views | Family All 34 |
---|---|---|---|---|
![]() | [SECURITY] [DSA 2246-1] mahara security update | 29 May 201111:48 | – | debian |
![]() | [SECURITY] [DSA 2246-1] mahara security update | 29 May 201111:48 | – | debian |
![]() | Debian DSA-2246-1 : mahara - several vulnerabilities | 10 Jun 201100:00 | – | nessus |
![]() | Mahara Multiple Remote Vulnerabilities | 23 May 201100:00 | – | openvas |
![]() | Debian: Security Advisory (DSA-2246-1) | 3 Aug 201100:00 | – | openvas |
![]() | Debian Security Advisory DSA 2246-1 (mahara) | 3 Aug 201100:00 | – | openvas |
![]() | [SECURITY] [DSA 2246-1] mahara security update | 30 May 201100:00 | – | securityvulns |
![]() | Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 2 Jun 201100:00 | – | securityvulns |
![]() | mahara - several vulnerabilities | 29 May 201100:00 | – | osv |
![]() | CVE-2011-1403 | 13 May 201122:55 | – | cve |
Source | Link |
---|---|
secunia | www.secunia.com/advisories/44433 |
securityfocus | www.securityfocus.com/bid/47798 |
launchpad | www.launchpad.net/mahara/+milestone/1.3.6 |
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.801889");
script_version("2023-07-28T05:05:23+0000");
script_tag(name:"last_modification", value:"2023-07-28 05:05:23 +0000 (Fri, 28 Jul 2023)");
script_tag(name:"creation_date", value:"2011-05-23 15:31:07 +0200 (Mon, 23 May 2011)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_cve_id("CVE-2011-1402", "CVE-2011-1403", "CVE-2011-1404", "CVE-2011-1405", "CVE-2011-1406");
script_name("Mahara Multiple Remote Vulnerabilities");
script_xref(name:"URL", value:"http://secunia.com/advisories/44433");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/47798");
script_xref(name:"URL", value:"https://launchpad.net/mahara/+milestone/1.3.6");
script_tag(name:"qod_type", value:"remote_banner");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 Greenbone AG");
script_family("Web application abuses");
script_dependencies("secpod_mahara_detect.nasl");
script_mandatory_keys("mahara/detected");
script_tag(name:"impact", value:"Successful exploitation will allow attackers to execute arbitrary script
code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based
authentication credentials, disclose or modify sensitive information, or perform certain administrative actions
and bypass security restrictions.");
script_tag(name:"affected", value:"Mahara version prior to 1.3.6.");
script_tag(name:"insight", value:"- An error in artefact/plans/viewtasks.json.php, artefact/blog/posts.json.php,
and blocktype/myfriends/myfriends.json.php when checking a user's permission can be exploited to access
restricted views.
- An error in view/newviewtoken.json.php, artefact/plans/tasks.json.php, and artefact/blog/view/index.json.php
when checking a user's permission can be exploited to edit restricted views.
- An error in admin/users/search.json.php due to the 'INSTITUTIONALADMIN' permission not being checked can be
exploited to search and suspend other users.
- The application allows users to perform certain actions via HTTP requests without performing any validity
checks to verify the requests. This can be exploited to create an arbitrary user with administrative
privileges if a logged-in administrative user visits a malicious web site.
- Input passed via certain email fields as a result of forum posts and view feedback notifications is not
properly sanitised in artefact/comment/lib.php and interaction/forum/lib.php before being used.
- Improper handling of an https URL in the wwwroot configuration setting, allows user-assisted remote attackers
to obtain credentials by sniffing the network at a time when an http URL is used for a login.");
script_tag(name:"solution", value:"Upgrade to Mahara version 1.3.6 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"summary", value:"Mahara is prone to multiple remote vulnerabilities.");
exit(0);
}
CPE = "cpe:/a:mahara:mahara";
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_less(version: version, test_version: "1.3.6")) {
report = report_fixed_ver(installed_version: version, fixed_version: "1.3.6", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo