Clickjacking vulnerability in Mahara 1.4.x and 1.5.x allows remote attackers to delete arbitrary users and bypass CSRF protection

CVE-2012-2246 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php.