CVE-2011-2774

Mahara 1.3.x-1.4.x - Authenticated Exposure of Sensitive Information via Replyto Parameter

Title source: llm
STIX 2.1

Description

The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.

References (3)

Core 3
Core References
Patch x_refsource_confirm
https://launchpad.net/bugs/798128
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46719

Scores

EPSS 0.0101
EPSS Percentile 59.1%

Details

CWE
CWE-200
Status published
Products (10)
mahara/mahara 1.3.0 (6 CPE variants)
mahara/mahara 1.3.1
mahara/mahara 1.3.2
mahara/mahara 1.3.3
mahara/mahara 1.3.4
mahara/mahara 1.3.5
mahara/mahara 1.3.6
mahara/mahara 1.3.7
mahara/mahara 1.4 rc1 (4 CPE variants)
mahara/mahara 1.4.0
Published Nov 15, 2011
Tracked Since Feb 18, 2026