CVE-2012-2246

Опубликовано: 24 нояб. 2012

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*

cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*

cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*

cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*

cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:mahara:mahara:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:mahara:mahara:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:mahara:mahara:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:mahara:mahara:1.4.4:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*

cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*

cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00286

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2012-2246

ubuntu

около 13 лет назад

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php.

CVE-2012-2246

debian

около 13 лет назад

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attacke ...

GHSA-f562-34hv-qg95

github

больше 3 лет назад

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php.

EPSS

Процентиль: 52%

0.00286

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-20