CPE-43558997-BCAE-4D89-A1C7-9B9E50D2FE15 Detail

CPE Details

Mahara 21.04.2

Vendor

mahara

Product

mahara

Version

21.04.2

Created

2021-11-03
14h38 +00:00

Modified

2021-11-16
18h27 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:mahara:mahara:21.04.2:::::::*

Informations

Vendor

mahara

Product

mahara

Version

21.04.2

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2022-42707	2022-11-05 23h00 +00:00	In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.	7.5	High
CVE-2022-44544	2022-11-05 23h00 +00:00	Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.	9.8	Critical
CVE-2022-33913	2022-06-20 13h26 +00:00	In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.	7.5	High
CVE-2022-29585	2022-04-28 13h29 +00:00	In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of).	7.5	High
CVE-2022-29584	2022-04-28 13h26 +00:00	Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.	5.4	Medium
CVE-2022-28892	2022-04-27 22h00 +00:00	Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.	8.8	High
CVE-2022-24111	2022-02-10 15h01 +00:00	In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known.	5.3	Medium
CVE-2022-24694	2022-02-09 03h31 +00:00	In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)	4.3	Medium
CVE-2021-43266	2021-11-02 20h54 +00:00	In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution	7.3	High

Mahara 21.04.2

CPE Details

CPE Name: cpe:2.3:a:mahara:mahara:21.04.2:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:mahara:mahara:21.04.2:::::::*