CVE-2009-3298

Severity

65%

Complexity

80%

Confidentiality

106%

Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors.

Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors.

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

Type

Mahara

First reported 15 years ago

2009-11-03 16:30:00

Last updated 15 years ago

2009-11-04 05:00:00

Affected Software

Mahara 1.0.0

1.0.0

Mahara 1.0.1

1.0.1

Mahara 1.0.2

1.0.2

Mahara 1.0.3

1.0.3

Mahara 1.0.4

1.0.4

Mahara 1.0.5

1.0.5

Mahara 1.0.6

1.0.6

Mahara 1.0.7

1.0.7

Mahara 1.0.8

1.0.8

Mahara 1.0.10

1.0.10

Mahara 1.0.11

1.0.11

Mahara 1.1.0

1.1.0

Mahara 1.1.0 alpha1

1.1.0

Mahara 1.1.0 alpha2

1.1.0

Mahara 1.1.0alpha3

1.1.0

Mahara 1.1.0 beta1

1.1.0

Mahara 1.1.0 beta2

1.1.0

Mahara 1.1.0 beta3

1.1.0

Mahara 1.1.0 beta4

1.1.0

Mahara 1.1.0 release candidate 1

1.1.0

Mahara 1.1.0 release candidate 2

1.1.0

Mahara 1.1.1

1.1.1

Mahara 1.1.2

1.1.2

Mahara 1.1.3

1.1.3

Mahara 1.1.4

1.1.4

Mahara 1.1.5

1.1.5

Mahara 1.1.6

1.1.6

References

http://eduforge.org/frs/shownotes.php?release_id=546

Patch

http://eduforge.org/frs/shownotes.php?release_id=547

http://mahara.org/interaction/forum/topic.php?id=1169

Vendor Advisory

37217

Vendor Advisory

37218

Vendor Advisory

DSA-1924

59584

36893

Patch

ADV-2009-3101

Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.