Vulnerability Details CVE-2022-45133
Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.3%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2022-45133
-
cpe:2.3:a:mahara:mahara:21.10.0
-
cpe:2.3:a:mahara:mahara:21.10.1
-
cpe:2.3:a:mahara:mahara:21.10.2
-
cpe:2.3:a:mahara:mahara:21.10.4
-
cpe:2.3:a:mahara:mahara:21.10.5
-
cpe:2.3:a:mahara:mahara:22.04.0
-
cpe:2.3:a:mahara:mahara:22.04.2
-
cpe:2.3:a:mahara:mahara:22.04.3
-
cpe:2.3:a:mahara:mahara:22.10.0