Server-side Request Forgery Vulnerability in Mahara Versions 1.8 to 1.8.7, 1.9 to 1.9.5, 1.10 to 1.10.3, and 15.04 to 15.04.0

CVE-2017-1000139 · MEDIUM Severity

AV:N/AC:M/Au:S/C:P/I:P/A:P

Mahara 1.8 before 1.8.7, 1.9 before 1.9.5, 1.10 before 1.10.3, and 15.04 before 15.04.0 are vulnerable to server-side request forgery (SSRF) attacks because not all curl redirects are checked against a whitelist or blacklist. Employing SafeCurl prevents the issue.
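
An added PHP example (not Mahara's or SafeCurl's code) of the per-hop check the description refers to: redirects are followed by hand and every target is validated like the first URL. The function names, hop limit, hostname and addresses are assumptions constructed for illustration, and the blacklist covers only the ranges PHP's `filter_var` flags know.

```php
<?php
// Added example: curl's automatic redirect following is switched off and
// each Location target is checked before any request is sent to it.

/** Check scheme and every address the host resolves to; throw if blocked. */
function check_url(string $url, callable $resolve): void {
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])
        || !in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        throw new RuntimeException("URL not allowed: $url");
    }
    $host = trim($p['host'], '[]'); // parse_url keeps brackets on IPv6 literals
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : $resolve($host);
    if (!$ips) throw new RuntimeException("host does not resolve: $host");
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (!filter_var($ip, FILTER_VALIDATE_IP, $flags)) {
            throw new RuntimeException("blocked $ip for $url");
        }
    }
}

/** One request with curl's own redirect following switched off. */
function curl_fetch_once(string $url): array {
    $ch = curl_init($url);
    curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false, CURLOPT_TIMEOUT => 10,
        CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS]);
    $body = (string) curl_exec($ch);
    return ['status' => curl_getinfo($ch, CURLINFO_HTTP_CODE), 'body' => $body,
        'location' => curl_getinfo($ch, CURLINFO_REDIRECT_URL) ?: null];
}

/** Fetch $url, re-checking each redirect target like the first URL. */
function safe_fetch(string $url, callable $fetch, callable $resolve, int $maxHops = 5): string {
    for ($hop = 0; $hop <= $maxHops; $hop++) {
        check_url($url, $resolve);
        $r = $fetch($url);
        if ($r['status'] < 300 || $r['status'] >= 400 || !$r['location']) return $r['body'];
        $url = $r['location']; // the redirect target is untrusted input too
    }
    throw new RuntimeException('too many redirects');
}

// Constructed chain (no network): a public URL redirecting to a private address.
$resolve = fn($h) => ['feeds.example.org' => ['93.184.216.34']][$h] ?? [];
$fetch = fn($u) => $u === 'http://feeds.example.org/rss'
    ? ['status' => 302, 'location' => 'http://10.0.0.5/', 'body' => '']
    : ['status' => 200, 'location' => null, 'body' => 'ok'];
try { safe_fetch('http://feeds.example.org/rss', $fetch, $resolve); }
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

For real requests pass `'curl_fetch_once'` and `'gethostbynamel'` (IPv4 only) as the fetcher and resolver. Because curl resolves the name again after the check, pin the vetted address with `CURLOPT_RESOLVE` where DNS rebinding is a concern.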
