Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mahara | Mahara | 1.4-rc1 (including) | 1.4-rc1 (including) |
| Mahara | Mahara | 1.4-rc2 (including) | 1.4-rc2 (including) |
| Mahara | Mahara | 1.4-rc3 (including) | 1.4-rc3 (including) |
| Mahara | Mahara | 1.4-rc4 (including) | 1.4-rc4 (including) |
| Mahara | Mahara | 1.4.0 (including) | 1.4.0 (including) |
| Mahara | Mahara | 1.4.1 (including) | 1.4.1 (including) |
| Mahara | Mahara | 1.4.2 (including) | 1.4.2 (including) |
| Mahara | Mahara | 1.4.3 (including) | 1.4.3 (including) |
| Mahara | Ubuntu | lucid | * |
| Mahara | Ubuntu | oneiric | * |
| Mahara | Ubuntu | precise | * |
| Mahara | Ubuntu | quantal | * |
| Mahara | Ubuntu | upstream | * |