| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2011-2772 | 5.0 |
The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.
|
12-03-2012 - 04:00 | 15-11-2011 - 03:57 | |
| CVE-2011-4118 | 6.0 |
Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target.
|
15-11-2011 - 05:00 | 15-11-2011 - 03:57 | |
| CVE-2011-2771 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid elemen
|
15-11-2011 - 05:00 | 15-11-2011 - 03:57 | |
| CVE-2011-2773 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution.
|
15-11-2011 - 05:00 | 15-11-2011 - 03:57 |