CVE-2021-29349

CVE-2021-29349 affects Mahara 20.10 and is due to CSRF token validation failure on a POST request. An attacker can craft a request to module/multirecipientnotification/inbox.php pieform_delete_all_notifications that results in removing all messages from a mailbox, i.e., a server-side inbox wipe. ...