CVE-2017-1000156
Concrete details found: Mahara versions 15.04 before 15.04.9, 15.10 before 15.10.5, and 16.04 before 16.04.3 are vulnerable to an issue where a user in a group can edit the group’s configuration page even without admin privileges. The root cause is a permission/role check failing for group config...