PT-2018-10391 · Cisco+1 · Clamav+1
Swe Zin Lynn
·
Publicado
2018-06-01
·
Atualizado
2018-07-03
·
CVE-2018-11196
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Mahara versions 17.04 through 17.04.7
Mahara versions 17.10 through 17.10.4
Mahara versions 18.04 through 18.04.0
Description
The issue allows malicious files to be uploaded and made available for download by placing infected files into a Leap2A archive. Unlike other ZIP files, ClamAV does not check Leap2A archives for viruses when activated. Although files cannot be executed on Mahara itself, it can be used as a medium to transfer such files to user computers.
Recommendations
For Mahara versions 17.04 through 17.04.7, update to version 17.04.8 or later.
For Mahara versions 17.10 through 17.10.4, update to version 17.10.5 or later.
For Mahara versions 18.04 through 18.04.0, update to version 18.04.1 or later.
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Clamav
Mahara