Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Catalyst Mahara 安全漏洞
Vulnerability Description
Catalyst Mahara是新西兰Catalyst IT公司的一套社交网络系统。该系统包含博客、履历表生成器、文件管理器等。 Catalyst Mahara 1.9.8之前的1.9版本、1.10.6之前的1.10版本和15.04.3之前的15.04版本中存在安全漏洞,该漏洞源于程序没有检测会话密钥。攻击者可利用该漏洞诱使用户在不知情的情况下向Mahara账户中上传恶意的文件。
CVSS Information
N/A
Vulnerability Type
N/A