First published: Fri Aug 07 2020(Updated: )
In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | >=19.04<19.04.6 | |
Mahara Mahara | >=19.10<19.10.4 | |
Mahara Mahara | >=20.04<20.04.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-15907 is a vulnerability in Mahara CMS versions 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1 that allows execution of code contained in file or folder names.
CVE-2020-15907 affects Mahara CMS versions 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1 by allowing the execution of code contained in certain file or folder names that may contain JavaScript.
CVE-2020-15907 has a severity value of 6.1, which is considered medium.
To fix CVE-2020-15907, it is recommended to upgrade to Mahara CMS versions 19.04.6, 19.10.4, or 20.04.1.
More information about CVE-2020-15907 can be found at the following references: [1], [2].