Description
Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution.
References (5)
Core 5
Core References
Various Sources x_refsource_confirm
http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/mahara/+bug/800032
Patch x_refsource_confirm
https://launchpad.net/mahara/+milestone/1.4.1
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2334
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46719
Scores
EPSS
0.0095
EPSS Percentile
57.2%
Details
CWE
CWE-352
Status
published
Products (33)
mahara/mahara
0.9.0
mahara/mahara
0.9.1
mahara/mahara
0.9.2
mahara/mahara
1.0.0
mahara/mahara
1.0.1
mahara/mahara
1.0.2
mahara/mahara
1.0.3
mahara/mahara
1.0.4
mahara/mahara
1.0.5
mahara/mahara
1.0.6
... and 23 more
Published
Nov 15, 2011
Tracked Since
Feb 18, 2026