15 matches found
CVE-2022-33913
In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check...
EUVD-2010-1687
Malware in sbrugna...
EUVD-2017-1438
Malware in sbrugna...
EUVD-2020-7879
Malware in sbrugna...
EUVD-2020-30109
Malware in sbrugna...
EUVD-2017-1417
Malware in sbrugna...
EUVD-2017-6733
Malware in sbrugna...
EUVD-2021-30210
Malicious code in bioql PyPI...
EUVD-2021-28004
Malicious code in bioql PyPI...
EUVD-2021-30208
Malicious code in bioql PyPI...
Mahara < 23.04.9, 24.04.5 Multiple Vulnerabilities
Mahara is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara"; if description...
CVE-2021-43266
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution...
CVE-2020-9282
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios...
CVE-2011-2771
Multiple cross-site scripting XSS vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 URI attributes and 2 the External Feed component, as demonstrated by the guid element in an RSS feed...
CVE-2022-44544
Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript...