CVE-2011-0440
Mahara 1.2.x-1.2.7 and 1.3.x-1.3.4 - Cross-Site Request Forgery
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs.
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://mahara.org/interaction/forum/topic.php?id=3208
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2206
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47033
Vendor Advisory x_refsource_confirm
http://mahara.org/interaction/forum/topic.php?id=3206
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66326
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43858
Scores
EPSS
0.0103
EPSS Percentile
59.8%
Details
CWE
CWE-352
Status
published
Products (11)
mahara/mahara
1.2.0 (9 CPE variants)
mahara/mahara
1.2.1
mahara/mahara
1.2.2
mahara/mahara
1.2.3
mahara/mahara
1.2.4
mahara/mahara
1.2.5
mahara/mahara
1.2.6
mahara/mahara
1.3.0 (6 CPE variants)
mahara/mahara
1.3.1
mahara/mahara
1.3.2
... and 1 more
Published
Mar 28, 2011
Tracked Since
Feb 18, 2026