Category: Privilege Escalation/Arbitrary Code Execution
Severity: Critical
Versions affected: < 1.4.5, < 1.5.4
Reported by: Mike Haworth
Identifier: CVE-2012-2244
Bug report: https://bugs.launchpad.net/mahara/+bug/1057238
As part of the now-ended Mahara Security Bug Bounty Program, a critical remote code execution vulnerability was discovered. The vulnerability has been fixed by the Mahara core developers.
Upgrading to Mahara 1.4.5 or 1.5.4 is strongly recommended.
Download links for fixed versions:
https://launchpad.net/mahara/+milestone/1.4.5
https://launchpad.net/mahara/+milestone/1.5.4