Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.
2017-11-03T18:29:00.793
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 6.8 (MEDIUM)
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.8
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mahara | mahara | 1.9 | Yes |
| Application | mahara | mahara | 1.9.0 | Yes |
| Application | mahara | mahara | 1.9.1 | Yes |
| Application | mahara | mahara | 1.9.2 | Yes |
| Application | mahara | mahara | 1.9.3 | Yes |
| Application | mahara | mahara | 1.9.4 | Yes |
| Application | mahara | mahara | 1.9.5 | Yes |
| Application | mahara | mahara | 1.9.6 | Yes |
| Application | mahara | mahara | 1.9.7 | Yes |
| Application | mahara | mahara | 1.10 | Yes |
| Application | mahara | mahara | 1.10.0 | Yes |
| Application | mahara | mahara | 1.10.1 | Yes |
| Application | mahara | mahara | 1.10.2 | Yes |
| Application | mahara | mahara | 1.10.3 | Yes |
| Application | mahara | mahara | 1.10.4 | Yes |
| Application | mahara | mahara | 1.10.5 | Yes |
| Application | mahara | mahara | 15.04 | Yes |
| Application | mahara | mahara | 15.04 | Yes |
| Application | mahara | mahara | 15.04.0 | Yes |
| Application | mahara | mahara | 15.04.1 | Yes |
| Application | mahara | mahara | 15.04.2 | Yes |