Clickjacking vulnerability in Mahara 1.4.x and 1.5.x allows remote attackers to delete arbitrary users and bypass CSRF protection
CVE-2012-2246 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php.
Learn more about our User Device Pen Test.