Vulnerability Database

291,049

Total vulnerabilities in the database

CVE-2021-43264

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character.

  • Published: Nov 2, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-43264
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 3.3
  • AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 2.1
  • AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
mahara / mahara 21.04.0 21.04.2
mahara / mahara 20.10.0 20.10.3
mahara / mahara 20.04.0 20.04.5