Forums | Mahara Community
Remote code execution in Mahara 1.1.2
22 April 2009, 1:09 AM
|Category:||Remote code execution|
|Versions affected:||< 1.1.3|
|Reported by:||Mahara Team|
A vulnerability in html2text, a third-party package bundled with Mahara, may allow remote attackers to execute arbitrary code via text that is converted from HTML to plain text.
Upgrading to Mahara 1.1.3 is strongly recommended for all sites currently using the Mahara 1.1 series. The 1.0 series is not affected by this problem.