CVE-2022-45134

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. A particularly structured XML file could cause code execution when being processed.
References
Configurations

Configuration 1

OR cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*

History

08 Sep 2025, 16:33

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
References | https://bugs.launchpad.net/mahara/+bug/1993082 | https://bugs.launchpad.net/mahara/+bug/1993082 - Issue Tracking, Vendor Advisory
References | https://mahara.org/interaction/forum/topic.php?id=9353 | https://mahara.org/interaction/forum/topic.php?id=9353 - Vendor Advisory
First Time | | Mahara
First Time | | Mahara mahara

26 Aug 2025, 14:15

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 9.8
CWE | | CWE-502

25 Aug 2025, 20:24

Type | Values Removed | Values Added
Summary | | (es) Mahara 21.10 (before 21.10.6), 22.04 (before 22.04.4), and 22.10 (before 22.10.1) deserializes user input insecurely during skin import. An XML file with a particular structure could cause code execution during its processing.

22 Aug 2025, 19:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2025-08-22 19:15

Updated : 2025-09-08 16:33


NVD link : CVE-2022-45134

Mitre link : CVE-2022-45134

CVE.ORG link : CVE-2022-45134


Products Affected

mahara

  • mahara
CWE
CWE-502

Deserialization of Untrusted Data