Forums | Mahara Community
CSRF in Mahara 1.2.6 and 1.3.3
24 March 2011, 20:15
| Category: | Cross-site request forgery |
| Versions affected: | < 1.2.7, < 1.3.4 |
| Reported by: | Mahara Team |
A missing session key check allowed attackers to delete other people's blogs through specially crafted links.
Upgrading to Mahara 1.2.7 or 1.3.4 is strongly recommended for all sites.
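
The kind of session key check whose absence the advisory describes, as an added example that is not Mahara's code or its actual patch. All function names, parameter names and sample data are hypothetical, and the POST-only rule is an extra hardening assumption of this example.

```php
<?php
// Added illustration; not Mahara source. Every name below is hypothetical.

// Create (once per session) an unpredictable key tied to the logged-in session.
function session_key(array &$session): string {
    if (empty($session['sesskey'])) {
        $session['sesskey'] = bin2hex(random_bytes(16));
    }
    return $session['sesskey'];
}

// True only when the request carries the key stored in this session.
function sesskey_valid(array $session, array $params): bool {
    $expected = $session['sesskey'] ?? '';
    $supplied = $params['sesskey'] ?? '';
    return is_string($expected) && is_string($supplied)
        && $expected !== '' && hash_equals($expected, $supplied);
}

// Decide whether a blog-delete request may proceed; returns an HTTP status.
function handle_blog_delete(string $method, array $session, array $params, array $blogOwners): int {
    if ($method !== 'POST') {
        return 405; // assumption: a followed link (GET) never changes state
    }
    if (!sesskey_valid($session, $params)) {
        return 403; // cross-site requests cannot know the session key
    }
    $blogId = (int)($params['id'] ?? 0);
    $owner  = $blogOwners[$blogId] ?? null;
    if ($owner === null || $owner !== ($session['userid'] ?? null)) {
        return 403; // ownership is checked separately from the CSRF check
    }
    return 200;     // the caller performs the deletion here
}

// Constructed sample data: user 7 owns blog 42.
$session = ['userid' => 7];
$key     = session_key($session);
$owners  = [42 => 7];

// Request without the key (what a forged cross-site request looks like).
var_dump(handle_blog_delete('POST', $session, ['id' => '42'], $owners));
// Request from the site's own form, which embeds the session key.
var_dump(handle_blog_delete('POST', $session, ['id' => '42', 'sesskey' => $key], $owners));
// Same action requested through a plain link.
var_dump(handle_blog_delete('GET', $session, ['id' => '42', 'sesskey' => $key], $owners));
```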