CVE-2013-4432

Name of the Vulnerable Software and Affected Versions Mahara versions prior to 1.5.13 Mahara versions 1.6.x prior to 1.6.8 Mahara versions 1.7.x prior to 1.7.4

Description The issue allows remote authenticated users to read arbitrary folders by either leveraging an active folder tab loaded before permissions were removed or via the folder parameter to "artefact/file/groupfiles.php".

Recommendations For Mahara versions prior to 1.5.13, update to version 1.5.13 or later. For Mahara versions 1.6.x prior to 1.6.8, update to version 1.6.8 or later. For Mahara versions 1.7.x prior to 1.7.4, update to version 1.7.4 or later.