CVE-2017-1000136
CVE-2017-1000136 affects Mahara 1.8 before 1.8.6, 1.9 before 1.9.4, 1.10 before 1.10.1, and 15.04 before 15.04.0. The root cause is that old sessions are not invalidated after a password change, enabling continued access to an account post-change. Affected versions and the exact vulnerability are...