Forums | Mahara Community

Security Announcements /
Remote Code Execution Vulnerability


This topic is closed. Only moderators and the group administrators can post new replies.
anonymous profile picture
Account deleted
Posts: 48

09 October 2012, 23:13

Remote Code Execution Vulnerability

Category: Privilege Escalation/Arbitrary Code Execution
Severity: Critical
Versions affected: < 1.4.5, < 1.5.4
Reported by: Mike Haworth
Identifier: CVE-2012-2244
Bug report: https://bugs.launchpad.net/mahara/+bug/1057238

As part of the now ended Mahara Security Bug Bounty Program, a critical remote code execution vulnerability was discovered. The vulnerability has been fixed by the Mahara core developers.

Upgrading to Mahara 1.4.5 or 1.5.4 is strongly recommended.

Download links for fixed versions:
    https://launchpad.net/mahara/+milestone/1.4.5
    https://launchpad.net/mahara/+milestone/1.5.4

1 result