CVE-2017-1000148
HIGH
Mahara <15.04.8, <15.10.4, <16.04.2 - Code Injection
Title source: llm
Description
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
References (1)
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/mahara/+bug/1508684
Scores
CVSS v3: 8.8
EPSS: 0.0160
EPSS Percentile: 72.8%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-502
Status: published
Products (16)
mahara/mahara 15.04 rc1 (2 CPE variants)
mahara/mahara 15.04.0
mahara/mahara 15.04.1
mahara/mahara 15.04.2
mahara/mahara 15.04.3
mahara/mahara 15.04.4
mahara/mahara 15.04.5
mahara/mahara 15.04.6
mahara/mahara 15.04.7
mahara/mahara 16.04 rc1 (2 CPE variants)
... and 6 more
Published: Nov 03, 2017
Tracked Since: Feb 18, 2026