Mahara · Mahara · CVE-2022-33913
**Name of the Vulnerable Software and Affected Versions**
Mahara versions 21.04 through 21.04.5
Mahara versions 21.10 through 21.10.3
Mahara version 22.04.2
**Description**
Files can be downloaded through thumb.php without any permission check.
**Recommendations**
For Mahara versions 21.04 through 21.04.5, update to version 21.04.6 or later.
For Mahara versions 21.10 through 21.10.3, update to version 21.10.4 or later.
For Mahara version 22.04.2, update to a later version that includes the fix for this issue.
As a temporary workaround, consider restricting access to thumb.php to minimize the risk of exploitation.
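
The version ranges and recommendations above, written as a triage check over an inventory of installed releases. This is an added example, not Mahara project code; the function names are hypothetical and the inventory and host names are constructed.

```python
import re

# Affected patch ranges and fixes from the advisory above; None = no fixed release named.
AFFECTED = {
    (21, 4): (0, 5, "21.04.6"),
    (21, 10): (0, 3, "21.10.4"),
    (22, 4): (2, 2, None),
}
RELEASE_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(text):
    """'21.04.5' -> (21, 4, 5); a bare branch such as '21.10' is patch 0."""
    m = RELEASE_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised release string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def assess(release):
    """Return (status, action) for one installed release string."""
    major, minor, patch = parse_release(release)
    entry = AFFECTED.get((major, minor))
    if entry is None or not entry[0] <= patch <= entry[1]:
        # Not named by this advisory; that is not a claim the release is safe.
        return "not-listed", "no action from this advisory"
    if entry[2]:
        return "affected", f"update to {entry[2]} or later"
    return "affected", "update to a later fixed release; restrict thumb.php meanwhile"


def triage(inventory):
    """Map host -> action for each affected host in {host: release}."""
    verdicts = {host: assess(rel) for host, rel in inventory.items()}
    return {h: act for h, (status, act) in verdicts.items() if status == "affected"}


# Constructed inventory; the host names are placeholders.
SAMPLE_INVENTORY = {
    "portfolio-a.example": "21.04.5",
    "portfolio-b.example": "21.04.6",
    "portfolio-c.example": "21.10",
    "portfolio-d.example": "22.04.2",
    "portfolio-e.example": "22.04.1",
}

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```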