Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2014-05-19 07:55
Updated : 2014-05-19 11:43
NVD link : CVE-2013-4431
Mitre link : CVE-2013-4431
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
mahara
- mahara