PT-2012-3898 · Catalyst It · Mahara

Mike Haworth · Published 2012-11-24 · Updated 2024-02-15 · CVE-2012-2239

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Mahara versions 1.4.x through 1.4.3
Mahara versions 1.5.x through 1.5.2

Description

The issue allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack. This can be demonstrated by reading the config.php file.

Recommendations

For Mahara versions 1.4.x through 1.4.3, update to version 1.4.4 or later.
For Mahara versions 1.5.x through 1.5.2, update to version 1.5.3 or later.

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2012-2239
DSA-2591-1

Affected Products

Mahara