Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request.
2014-05-19T14:55:08.500
2025-04-12T10:46:40.837
Deferred
CVSSv2: 5.5 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:P/A:P
8.0
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mahara | mahara | ≤ 1.5.11 | Yes |
| Application | mahara | mahara | 1.5 | Yes |
| Application | mahara | mahara | 1.5 | Yes |
| Application | mahara | mahara | 1.5.0 | Yes |
| Application | mahara | mahara | 1.5.1 | Yes |
| Application | mahara | mahara | 1.5.2 | Yes |
| Application | mahara | mahara | 1.5.3 | Yes |
| Application | mahara | mahara | 1.5.4 | Yes |
| Application | mahara | mahara | 1.5.6 | Yes |
| Application | mahara | mahara | 1.5.7 | Yes |
| Application | mahara | mahara | 1.5.8 | Yes |
| Application | mahara | mahara | 1.5.9 | Yes |
| Application | mahara | mahara | 1.5.10 | Yes |
| Application | mahara | mahara | 1.7. | Yes |
| Application | mahara | mahara | 1.7.0 | Yes |
| Application | mahara | mahara | 1.7.1 | Yes |
| Application | mahara | mahara | 1.7.2 | Yes |
| Application | mahara | mahara | 1.6.0 | Yes |
| Application | mahara | mahara | 1.6.1 | Yes |
| Application | mahara | mahara | 1.6.2 | Yes |
| Application | mahara | mahara | 1.6.3 | Yes |
| Application | mahara | mahara | 1.6.4 | Yes |
| Application | mahara | mahara | 1.6.5 | Yes |
| Application | mahara | mahara | 1.6.6 | Yes |