Shodan
Vulnerabilities
Vulnerable Software
Mahara:  >> Mahara  >> 21.04.4  Security Vulnerabilities
CVE-2024-35203
Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-08-26
CVE-2024-47192
An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-08-26
CVE-2025-29992
Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-08-26
CVE-2024-47853
An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI).
CVSS Score
8.8
EPSS Score
0.001
Published
2025-08-26
CVE-2024-45753
In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-08-26
CVE-2023-47799
Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-08-25
CVE-2022-42707
In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-11-06
CVE-2022-44544
Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-11-06
CVE-2022-33913
In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-06-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved