Forums | Mahara Community
Accessing page help causing path traversal in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0
29 October 2021, 17:06
Vulnerability type: Path traversal
Attack type: Local
Impact: Access escalation
Affected components: The help icon for 'page help'
Attack vectors: If a person alters the path to the page help file they can traverse to find other .html files outside the site's webroot and potentially find sensitive information.
Description: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file could allow a person to view HTML files that they are not allowed to access.
Edits to this post:
- Kristina Hoeppner - 04 November 2021, 15:36
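
The attack vector above comes down to a help file path that is built from a request value, where a fixed `.html` suffix limits the file type but not the directory. The following PHP is an added example, not Mahara's code and not part of the original post; it contrasts a plain concatenation with a canonicalise-and-contain check. The function names `help_path_weak` and `help_path_safe` and the directory layout are hypothetical and constructed for the demonstration.

```php
<?php
// Added example: hypothetical help-file resolver, not Mahara's own code.

// Weak form: the fixed ".html" suffix limits the file type, not the directory.
function help_path_weak(string $helproot, string $page): string {
    return $helproot . '/' . $page . '.html';
}

// Hardened form: canonicalise, then require the result to stay under $helproot.
function help_path_safe(string $helproot, string $page): ?string {
    $root = realpath($helproot);
    $real = realpath($helproot . '/' . $page . '.html'); // false if the file is missing
    if ($root === false || $real === false) {
        return null;
    }
    // The trailing separator stops "/help-old/x.html" from matching root "/help".
    if (strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Constructed layout: a help directory plus an .html file outside the webroot.
$base = sys_get_temp_dir() . '/helpdemo_' . bin2hex(random_bytes(4));
mkdir($base . '/webroot/help/pages', 0700, true);
mkdir($base . '/private', 0700, true);
file_put_contents($base . '/webroot/help/pages/view.html', '<p>Page help</p>');
file_put_contents($base . '/private/report.html', '<p>internal</p>');

$helproot = $base . '/webroot/help';
// Constructed inputs: a normal help page, a traversing value, a missing page.
$cases = ['pages/view', '../../private/report', 'pages/missing'];
foreach ($cases as $page) {
    $weak = help_path_weak($helproot, $page);
    $safe = help_path_safe($helproot, $page);
    printf("%-22s weak finds file: %-3s safe: %s\n",
        $page,
        is_file($weak) ? 'yes' : 'no',
        $safe === null ? 'rejected' : 'served');
}
```

Comparing canonical paths rather than filtering `..` from the input also covers symlinks inside the help directory that point elsewhere.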