CVE-2013-4431 | Vulnerability Database | Aqua Security

Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request.

Affected Software

Name	Vendor	Start Version	End Version
Mahara	Mahara	*	1.5.11 (including)
Mahara	Mahara	1.5-rc1 (including)	1.5-rc1 (including)
Mahara	Mahara	1.5-rc2 (including)	1.5-rc2 (including)
Mahara	Mahara	1.5.0 (including)	1.5.0 (including)
Mahara	Mahara	1.5.1 (including)	1.5.1 (including)
Mahara	Mahara	1.5.2 (including)	1.5.2 (including)
Mahara	Mahara	1.5.3 (including)	1.5.3 (including)
Mahara	Mahara	1.5.4 (including)	1.5.4 (including)
Mahara	Mahara	1.5.6 (including)	1.5.6 (including)
Mahara	Mahara	1.5.7 (including)	1.5.7 (including)
Mahara	Mahara	1.5.8 (including)	1.5.8 (including)
Mahara	Mahara	1.5.9 (including)	1.5.9 (including)
Mahara	Mahara	1.5.10 (including)	1.5.10 (including)
Mahara	Ubuntu	lucid	*
Mahara	Ubuntu	precise	*
Mahara	Ubuntu	quantal	*
Mahara	Ubuntu	raring	*
Mahara	Ubuntu	saucy	*
Mahara	Ubuntu	upstream	*

References

http://www.openwall.com/lists/oss-security/2013/10/08/3
http://www.openwall.com/lists/oss-security/2013/10/15/1
http://www.openwall.com/lists/oss-security/2013/10/16/7
https://bugs.launchpad.net/mahara/+bug/1233500
https://mahara.org/interaction/forum/topic.php?id=5753
http://www.openwall.com/lists/oss-security/2013/10/08/3
http://www.openwall.com/lists/oss-security/2013/10/15/1
http://www.openwall.com/lists/oss-security/2013/10/16/7
https://bugs.launchpad.net/mahara/+bug/1233500
https://mahara.org/interaction/forum/topic.php?id=5753

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4431
CWE	https://cwe.mitre.org/data/definitions/264.html