Mahara XML External Entity CVE-2012-2239 Information Disclosure Vulnerability

Mahara is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information or create TCP connections through an XML external entity (XXE) injection attack; this may lead to further attacks.

Mahara 1.4.x versions prior to 1.4.4 and 1.5.x versions prior to 1.5.3 are affected.


Privacy Statement
Copyright 2010, SecurityFocus