CVE-2017-1000155
Summary: Mahara 15.04 (before 15.04.8), 15.10 (before 15.10.4), and 16.04 (before 16.04.2) are vulnerable due to a failure in access control detection, enabling disclosure of any user-uploaded profile pictures whether or not they are in use. Details evidenced in connected docs: The vulnerability ...