Vulnerability Database

291,049

Total vulnerabilities in the database

CVE-2021-40848

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection.

  • Published: Nov 3, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-40848
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
mahara / mahara 21.10.0-rc2 21.10.0-rc2.x
mahara / mahara 21.10.0-rc1 21.10.0-rc1.x
mahara / mahara 21.04.0 21.04.2
mahara / mahara 20.10.0 20.10.3
mahara / mahara - 20.04.5