CVE-2011-2774
Mahara 1.3.x-1.4.x - Authenticated Exposure of Sensitive Information via Replyto Parameter
Title source: llmDescription
The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.
References (3)
Core 3
Core References
Patch x_refsource_confirm
https://launchpad.net/mahara/+milestone/1.4.1
Patch x_refsource_confirm
https://launchpad.net/bugs/798128
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46719
Scores
EPSS
0.0101
EPSS Percentile
59.1%
Details
CWE
CWE-200
Status
published
Products (10)
mahara/mahara
1.3.0 (6 CPE variants)
mahara/mahara
1.3.1
mahara/mahara
1.3.2
mahara/mahara
1.3.3
mahara/mahara
1.3.4
mahara/mahara
1.3.5
mahara/mahara
1.3.6
mahara/mahara
1.3.7
mahara/mahara
1.4 rc1 (4 CPE variants)
mahara/mahara
1.4.0
Published
Nov 15, 2011
Tracked Since
Feb 18, 2026