Vulnerability Description
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
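The description above covers the mechanism of an XXE attack: an XML document declares an external entity (inside a DOCTYPE) and the parser, when it expands that entity, fetches a local file or opens a network connection on the attacker's behalf. The following PHP snippet is an added example of the defensive side, not code from Mahara or from the Debian advisory: it refuses documents that carry a DOCTYPE at all and, as a second layer, parses with external entity loading and network access switched off. The function name `parseUntrustedXml`, the two sample documents and the `file:///path/to/config.php` placeholder are constructed for illustration.

```php
<?php
// Added example (not Mahara's code): reject untrusted XML that carries a DOCTYPE
// and parse with external entity loading and network access disabled.
// parseUntrustedXml() and the sample documents below are constructed for illustration.

function parseUntrustedXml(string $xml): DOMDocument
{
    // Defence 1: refuse any document that declares a DOCTYPE.
    // An <!ENTITY ...> declaration can only appear inside a DOCTYPE, so an
    // import feature that never expects one can simply reject it outright.
    if (preg_match('/<!DOCTYPE/i', $xml)) {
        throw new InvalidArgumentException('DOCTYPE declarations are not accepted');
    }

    // Defence 2: even if a DOCTYPE slipped through, stop libxml from loading
    // external entities. On PHP < 8.0 external loading is enabled by default;
    // on PHP >= 8.0 it is disabled by default and the call is deprecated.
    $previous = null;
    if (PHP_VERSION_ID < 80000) {
        $previous = libxml_disable_entity_loader(true);
    }
    libxml_use_internal_errors(true);

    $dom = new DOMDocument();
    // LIBXML_NONET forbids network access while parsing. LIBXML_NOENT is
    // deliberately absent, so entity references are never substituted.
    $ok = $dom->loadXML($xml, LIBXML_NONET);

    if ($previous !== null) {
        libxml_disable_entity_loader($previous);
    }

    if ($ok === false) {
        $err = libxml_get_last_error();
        libxml_clear_errors();
        $msg = $err ? trim($err->message) : 'unknown error';
        throw new InvalidArgumentException('Malformed XML: ' . $msg);
    }
    return $dom;
}

// Constructed sample: an XXE-style document that tries to pull in a local file
// (the path is a placeholder, not a real Mahara location).
$hostile = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE data [ <!ENTITY ext SYSTEM "file:///path/to/config.php"> ]>
<data>&ext;</data>
XML;

// Constructed sample: a benign document of the kind an import feature expects.
$benign = <<<'XML'
<?xml version="1.0"?>
<data><title>Hello</title></data>
XML;

foreach (['hostile' => $hostile, 'benign' => $benign] as $label => $doc) {
    try {
        $dom = parseUntrustedXml($doc);
        echo "$label: accepted, root element <{$dom->documentElement->tagName}>\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Rejecting the DOCTYPE up front is the cheaper and more robust check, because it does not depend on which libxml flags a later caller happens to pass; the parser hardening remains as defence in depth for code paths that must accept a DOCTYPE for legitimate reasons.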
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mahara | Mahara | >= 1.4.0, < 1.4.4 |
| Debian | Debian Linux | 6.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2012/dsa-2591 (Mailing List)
- https://bugs.launchpad.net/mahara/+bug/1047111 (Issue Tracking, Patch)
- https://mahara.org/interaction/forum/topic.php?id=4869 (Vendor Advisory)
FAQ
What is CVE-2012-2239?
CVE-2012-2239 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
How severe is CVE-2012-2239?
CVE-2012-2239 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2012-2239?
Check the references section above for vendor advisories and patch information. Affected products include Mahara (by Mahara) and Debian Linux (by Debian).