In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character.
                
            References
                    | Link | Resource | 
|---|---|
| https://bugs.launchpad.net/mahara/+bug/1944979 | Exploit Third Party Advisory | 
| https://mahara.org/interaction/forum/topic.php?id=8954 | Vendor Advisory | 
| https://bugs.launchpad.net/mahara/+bug/1944979 | Exploit Third Party Advisory | 
| https://mahara.org/interaction/forum/topic.php?id=8954 | Vendor Advisory | 
Configurations
                    Configuration 1 (hide)
| 
 | 
History
                    No history.
Information
                Published : 2021-11-02 22:15
Updated : 2024-11-21 06:28
NVD link : CVE-2021-43264
Mitre link : CVE-2021-43264
CVE.ORG link : CVE-2021-43264
JSON object : View
Products Affected
                mahara
- mahara
CWE
                
                    
                        
                        CWE-22
                        
            Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
