CSRF Vulnerability in Mahara: Easily Guessable Randomly Generated Tokens

CVE-2022-28892 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross-Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.