CVE Vulnerabilities

CVE-2013-4431

Published: May 19, 2014 | Modified: Apr 12, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.5 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
root.io minimus.io echohq.com

Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request.

Affected Software

Name Vendor Start Version End Version
Mahara Mahara * 1.5.11 (including)
Mahara Mahara 1.5-rc1 (including) 1.5-rc1 (including)
Mahara Mahara 1.5-rc2 (including) 1.5-rc2 (including)
Mahara Mahara 1.5.0 (including) 1.5.0 (including)
Mahara Mahara 1.5.1 (including) 1.5.1 (including)
Mahara Mahara 1.5.2 (including) 1.5.2 (including)
Mahara Mahara 1.5.3 (including) 1.5.3 (including)
Mahara Mahara 1.5.4 (including) 1.5.4 (including)
Mahara Mahara 1.5.6 (including) 1.5.6 (including)
Mahara Mahara 1.5.7 (including) 1.5.7 (including)
Mahara Mahara 1.5.8 (including) 1.5.8 (including)
Mahara Mahara 1.5.9 (including) 1.5.9 (including)
Mahara Mahara 1.5.10 (including) 1.5.10 (including)
Mahara Ubuntu lucid *
Mahara Ubuntu precise *
Mahara Ubuntu quantal *
Mahara Ubuntu raring *
Mahara Ubuntu saucy *
Mahara Ubuntu upstream *

References