exploitDog

GHSA-fvcq-f7qr-c3pm

Опубликовано: 22 авг. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload.

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload.

Ссылки

EPSS

Процентиль: 30%

0.00111

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-26

Связанные уязвимости

CVE-2022-45133

CVSS3: 6.5

nvd

6 месяцев назад

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload.

CVE-2022-45133

CVSS3: 6.5

debian

6 месяцев назад

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22 ...

EPSS

Процентиль: 30%

0.00111

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-26