Forums | Mahara Community

Security Announcements /
CSRF in Mahara 1.2.6 and 1.3.3


This topic is closed. Only moderators and the group administrators can post new replies.
François Marier's profile picture
Posts: 411

24 March 2011, 20:15

Category: Cross-site request forgery
Severity: High
Versions affected: < 1.2.7, < 1.3.4
Reported by: Mahara Team
Identifier: CVE-2011-0440

A missing session key check allowed attackers to delete other people's blogs through specially crafted links.

Upgrading to Mahara 1.2.7 or 1.3.4 is strongly recommended for all sites.

1 result