Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
                
            References
                    | Link | Resource | 
|---|---|
| https://bugs.launchpad.net/mahara/+bug/1508684 | Issue Tracking Patch Third Party Advisory | 
| https://bugs.launchpad.net/mahara/+bug/1508684 | Issue Tracking Patch Third Party Advisory | 
Configurations
                    Configuration 1 (hide)
| 
 | 
Configuration 2 (hide)
| 
 | 
Configuration 3 (hide)
| 
 | 
History
                    No history.
Information
                Published : 2017-11-03 18:29
Updated : 2025-04-20 01:37
NVD link : CVE-2017-1000148
Mitre link : CVE-2017-1000148
CVE.ORG link : CVE-2017-1000148
JSON object : View
Products Affected
                mahara
- mahara
CWE
                
                    
                        
                        CWE-502
                        
            Deserialization of Untrusted Data
