CRITICAL🇵🇱 Wersja polska

CVE-2024-39335

CVSS 9.1v3.1pub. 2025-08-26upd. 2025-09-05

Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration -> Groups -> Submissions.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Mahara

    APP
    Mahara
    23.04.0 – 23.04.6 (bez)24.04.0 – 24.04.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-45134CRITICAL9.8PL ✓ten sam produkt

Niebezpieczna deserializacja danych wejściowych w Mahara — RCE przez import skórki

CVE-2022-44544CRITICAL9.8ten sam produkt

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially ...

CVE-2021-40849CRITICAL9.8ten sam produkt

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is v...

CVE-2017-1000154CRITICAL9.8ten sam produkt

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentic...

CVE-2017-1000153CRITICAL9.8ten sam produkt

Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect acc...