Mahara Community

Remote Code Execution Vulnerability

Hugh Davenport
09 October 2012, 11:13 PM

Category: Privilege Escalation/Arbitrary Code Execution
Severity: Critical
Versions affected: < 1.4.5, < 1.5.4
Reported by: Mike Haworth
Identifier: CVE-2012-2244
Bug report:

As part of the now-ended Mahara Security Bug Bounty Program, a critical remote code execution vulnerability was discovered. The vulnerability has been fixed by the Mahara core developers.

Upgrading to Mahara 1.4.5 or 1.5.4 is strongly recommended.

Download links for fixed versions: