← back
CVE-2012-2239

CVE-2012-2239

EPSS 1.6%
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugs.launchpad.net/mahara/+bug/1047111https://mahara.org/interaction/forum/topic.php?id=4869http://www.debian.org/security/2012/dsa-2591