Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP unserialize() function when importing a skin from an XML file.
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mahara | Mahara | 15.04-rc1 (including) | 15.04-rc1 (including) |
Mahara | Mahara | 15.04-rc2 (including) | 15.04-rc2 (including) |
Mahara | Mahara | 15.04.0 (including) | 15.04.0 (including) |
Mahara | Mahara | 15.04.1 (including) | 15.04.1 (including) |
Mahara | Mahara | 15.04.2 (including) | 15.04.2 (including) |
Mahara | Mahara | 15.04.3 (including) | 15.04.3 (including) |
Mahara | Mahara | 15.04.4 (including) | 15.04.4 (including) |
Mahara | Mahara | 15.04.5 (including) | 15.04.5 (including) |
Mahara | Mahara | 15.04.6 (including) | 15.04.6 (including) |
Mahara | Mahara | 15.04.7 (including) | 15.04.7 (including) |