Forums | Mahara Community

Security Announcements /
Arbitrary code execution in 1.0.13 and 1.1.7


This topic is closed. Only moderators and the group administrators can post new replies.

06 April 2010, 0:03

Category: Arbitrary code execution
Severity: Medium
Versions affected: < 1.0.14, < 1.1.8
Reported by: Mahara Team
Identifiers: CVE-2008-4810, CVE-2008-4811 and CVE-2009-1669

Multiple security issues have been found in the version of smarty bundled with Mahara 1.0 and 1.1. Note that Mahara 1.2 is not affected by this problem since it no longer uses smarty.

Upgrading to Mahara 1.0.14 or 1.1.8 is recommended for all sites not yet running 1.2.

A post by Account deleted was deleted

2 results