| |
Vulnerability CVE-2021-43266
Published: 2021-11-02 Modified: 2021-11-03
| Description: |
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. |
Type:
CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection'))
CVSS2 => (AV:N/AC:H/Au:S/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.6/10 |
6.4/10 |
3.9/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
High |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://bugs.launchpad.net/mahara/+bug/1942903
https://mahara.org/interaction/forum/topic.php?id=8952
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
