XML External Entity (XXE) Injection Vulnerability in Mahara 1.4.x and 1.5.x

XML External Entity (XXE) Injection Vulnerability in Mahara 1.4.x and 1.5.x

CVE-2012-2239 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.

Learn more about our External Network Penetration Testing.