2 matches found
CVE-2021-29349
Mahara 20.10 is affected by Cross Site Request Forgery CSRF that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieformdeleteallnotifications...
CVE-2021-29349
CVE-2021-29349 affects Mahara 20.10 and is due to CSRF token validation failure on a POST request. An attacker can craft a request to module/multirecipientnotification/inbox.php pieform_delete_all_notifications that results in removing all messages from a mailbox, i.e., a server-side inbox wipe. ...