Vulnerabilities > Mahara

DATE CVE VULNERABILITY TITLE RISK
2012-11-24 CVE-2012-2239 XXE vulnerability in multiple products
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
network
low complexity
mahara debian CWE-611
critical
 9.1
9.1