Vulnerability Name: CVE-2017-1000148 (CCN-134459)
Assigned: 2016-10-21
Published: 2016-10-21
Updated: 2019-10-03
Summary: Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
CVSS v3 Severity:
  8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
  8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Vulnerability Type: CWE-502
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2017-1000148
  Source: CCN Type: Mahara Bugs: 1508684 Unserialize untrusted data when importing skins
  Source: MISC Type: Issue Tracking, Patch, Third Party Advisory https://bugs.launchpad.net/mahara/+bug/1508684
  Source: XF Type: UNKNOWN mahara-cve20171000148-code-exec(134459)
  Source: CCN Type: Mahara Web site Mahara
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1: Denotes that component is vulnerable