CVE-2011-2772

Name of the Vulnerable Software and Affected Versions Mahara versions prior to 1.4.1

Description The issue concerns the get dataroot image path function in lib/file.php, which does not properly validate uploaded image files. This allows remote attackers to cause a denial of service, specifically memory consumption, by uploading either large or invalid images.

Recommendations For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the upload of image files to prevent potential denial of service attacks.