Forums | Mahara Community
SQL injection in 1.0.13, 1.1.7 and 1.2.3
06 April 2010, 0:07
|Versions affected:||< 1.0.14, < 1.1.8, < 1.2.4|
|Reported by:||Mahara Team|
A bug in all Mahara releases since 1.0 allows execution of arbitrary SQL commands. All releases of Mahara since 1.0 are affected, but in releases before Mahara 1.2 the bug can only be exploited by remote authenticated users. In Mahara 1.2 it can also be exploited by unauthenticated users.
Upgrading to Mahara 1.0.14, 1.1.8 or 1.2.4 is strongly recommended for all sites.