CVE-2017-1000153
This CVE affects Mahara versions 15.04 (before 15.04.10), 15.10 (before 15.10.6), and 16.04 (before 16.04.4) due to incorrect access control after a password-reset link is sent via email and the user changes the default email. Mahara fails to invalidate the old link, allowing an attacker to acces...