Vulnerability Database

308,926

Total vulnerabilities in the database

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported.

Published: Aug 25, 2025
Updated: Nov 16, 2025
CVE: CVE-2023-47799
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
mahara / mahara	-	22.10.4
mahara / mahara	23.04.0	23.04.4

https://git.mahara.org/catalyst-security/mahara-security/-/issues/2
https://mahara.org/interaction/forum/topic.php?id=9353

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo