Forums | Mahara Community

SQL injection in 1.0.13, 1.1.7 and 1.2.3


François Marier

06 April 2010, 0:07

Category: SQL injection
Severity: Major
Versions affected: < 1.0.14, < 1.1.8, < 1.2.4
Reported by: Mahara Team
Identifier: CVE-2010-0400

A bug in all Mahara releases since 1.0 allows execution of arbitrary SQL commands. All releases of Mahara since 1.0 are affected, but before Mahara 1.2 the bug could only be exploited by remote authenticated users. Mahara 1.2 is vulnerable to unauthenticated users.

Upgrading to Mahara 1.0.14, 1.1.8 or 1.2.4 is strongly recommended for all sites.
