Swe Zin Lynn

**Name of the Vulnerable Software and Affected Versions** Mahara versions 17.04 through 17.04.7 Mahara versions 17.10 through 17.10.4 Mahara versions 18.04 through 18.04.0 **Description** The issue allows malicious files to be uploaded and made available for download by placing infected files into a Leap2A archive. Unlike other ZIP files, ClamAV does not check Leap2A archives for viruses when activated. Although files cannot be executed on Mahara itself, it can be used as a medium to transfer such files to user computers. **Recommendations** For Mahara versions 17.04 through 17.04.7, update to version 17.04.8 or later. For Mahara versions 17.10 through 17.10.4, update to version 17.10.5 or later. For Mahara versions 18.04 through 18.04.0, update to version 18.04.1 or later.