Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mahara | Mahara | 1.4 | 1.4 |
Mahara | Mahara | 1.4.0 | 1.4.0 |
Mahara | Mahara | 1.4.2 | 1.4.2 |
Mahara | Mahara | 1.4 | 1.4 |
Mahara | Mahara | 1.4 | 1.4 |
Mahara | Mahara | 1.4.3 | 1.4.3 |
Mahara | Mahara | 1.4 | 1.4 |
Mahara | Mahara | 1.4.1 | 1.4.1 |