Vulnerability Description
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mahara | Mahara | >= 20.04.0, < 20.04.5 |
Related Weaknesses (CWE)
References
- https://bugs.launchpad.net/mahara/+bug/1942903ExploitThird Party Advisory
- https://bugs.launchpad.net/mahara/+bug/1949527Third Party Advisory
- https://mahara.org/interaction/forum/topic.php?id=8952Vendor Advisory
- https://mahara.org/interaction/forum/topic.php?id=8995Vendor Advisory
- https://bugs.launchpad.net/mahara/+bug/1942903ExploitThird Party Advisory
- https://bugs.launchpad.net/mahara/+bug/1949527Third Party Advisory
- https://mahara.org/interaction/forum/topic.php?id=8952Vendor Advisory
- https://mahara.org/interaction/forum/topic.php?id=8995Vendor Advisory
FAQ
What is CVE-2021-43266?
CVE-2021-43266 is a vulnerability with a CVSS score of 7.3 (HIGH). In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 2...
How severe is CVE-2021-43266?
CVE-2021-43266 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-43266?
Check the references section above for vendor advisories and patch information. Affected products include: Mahara Mahara.