Forums | Mahara Community
Security issue relating to Access control and profile pictures <15.04.8, <15.10.4, <16.04.2
11 July 2016, 5:13 PM
When a profile picture is accessed directly by its URL, Mahara failed to perform any access control checks. Consequently any of a user's uploaded profile pictures could be viewed by anyone, whether or not they were currently selected as the "default" or used in any pages.
Edits to this post:
- Kristina Hoeppner - 07 November 2017, 1:02 PM