CVE-2017-1000148

Mahara 15.04 before 15.04.8, 15.10 before 15.10.4, and 16.04 before 16.04.2 are vulnerable to PHP code execution because Mahara passes portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.

  • Published: Nov 3, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-1000148
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

| Software | From | Fixed in |
|---|---|---|
| mahara / mahara | 15.04-rc1 | 15.04-rc1.x |
| mahara / mahara | 15.04-rc2 | 15.04-rc2.x |
| mahara / mahara | 15.04.7 | 15.04.7.x |
| mahara / mahara | 15.04.6 | 15.04.6.x |
| mahara / mahara | 15.04.5 | 15.04.5.x |
| mahara / mahara | 15.04.4 | 15.04.4.x |
| mahara / mahara | 15.04.3 | 15.04.3.x |
| mahara / mahara | 15.04.2 | 15.04.2.x |
| mahara / mahara | 15.04.1 | 15.04.1.x |
| mahara / mahara | 15.04.0 | 15.04.0.x |
| mahara / mahara | 16.04-rc1 | 16.04-rc1.x |
| mahara / mahara | 16.04-rc2 | 16.04-rc2.x |
| mahara / mahara | 16.04.0 | 16.04.0.x |
| mahara / mahara | 16.04.1 | 16.04.1.x |
| mahara / mahara | 15.10.0 | 15.10.0.x |
| mahara / mahara | 15.10.1 | 15.10.1.x |
| mahara / mahara | 15.10.2 | 15.10.2.x |
| mahara / mahara | 15.10.3 | 15.10.3.x |