Forums | Mahara Community

Security Announcements /
Remote code execution in Mahara 1.1.2


This topic is closed. Only moderators and the group administrators can post new replies.
François Marier's profile picture
Posts: 411

22 April 2009, 1:09 AM

Category:Remote code execution
Severity:Major
Versions affected:< 1.1.3
Reported by:Mahara Team
Identifier:CVE-2008-5619

A vulnerability in html2text, a third-party package bundled with Mahara, may allow remote attackers to execute arbitrary code via text that is converted from HTML to plain text.

Upgrading to Mahara 1.1.3 is strongly recommended for all sites currently using the Mahara 1.1 series.  The 1.0 series is not affected by this problem.

1 result