Forums | Mahara Community

Security Announcements /
Security issue relating to CSRF <15.04.3, <1.10.6, <1.9.8


Robert Lyon

19 August 2015, 5:29 PM

It is possible to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.

Category: CSRF
Severity: High
Versions affected: <15.04.3, <1.10.6, <1.9.8
Reported by: Abdullah Hussam Gazi
Bug reports: https://bugs.launchpad.net/mahara/+bug/1480329
CVE reference: 2017-1000147
