Forums | Mahara Community
Privilege escalation in Mahara 1.1.6 and 1.0.12
29 October 2009, 5:31 PM
|Versions affected:||< 1.0.13, < 1.1.7|
|Reported by:||Ruslan Kabalin of Lancaster University Network Services|
It has been discovered that in previous releases of Mahara, it was possible for an institution administrator to reset the password of the site administrator in certain cases.
Upgrading to Mahara 1.1.7 or 1.0.13 is strongly recommended for all sites using multiple institutions.