Mahara ePortfolio System

Mahara Community

Security Announcements - Remote code execution in Mahara 1.1.2

Wed, 22 Apr 2009, 6:09 PM
François Marier

Category: Remote code execution
Severity: Major
Versions affected: < 1.1.3
Reported by: Mahara Team
Identifier: CVE-2008-5619

A vulnerability in html2text, a third-party package bundled with Mahara, may allow remote attackers to execute arbitrary code via text that is converted from HTML to plain text.

Upgrading to Mahara 1.1.3 is strongly recommended for all sites currently using the Mahara 1.1 series. The 1.0 series is not affected by this problem.