CVE-2017-1000148

Published Nov 3, 2017

Last updated 5 months ago

CVSS high 8.8

Overview

Description: Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-502

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CEC8639-ECF7-4479-B88E-EA3C3D7F6A0A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References