CVE-2017-1000152
CVE-2017-1000152 affects Mahara 15.04 prior to 15.04.7 and 15.10 prior to 15.10.3 when running PHP 5.3. The issue allows one user to be logged in as another on a separate computer because the same session ID is served. Root cause: duplicate/session response handling leads to cross-user session ex...