First published: Mon Jun 20 2022(Updated: )
In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | >=21.04.0<21.04.6 | |
Mahara Mahara | >=21.10.0<21.10.4 | |
Mahara Mahara | =22.04.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-33913.
The severity of CVE-2022-33913 is high with a severity value of 7.5.
In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.
CVE-2022-33913 affects Mahara versions 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2.
To fix CVE-2022-33913, you should upgrade to Mahara version 21.04.6, 21.10.4, or 22.04.2.