CVE-2013-4432
CVSS 4.0 - MEDIUM
Description
Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.
Affected Products
27| Vendor | Product | Version |
|---|---|---|
| mahara | mahara |
All versions
|
| mahara | mahara |
1.5
|
| mahara | mahara |
1.5
|
| mahara | mahara |
1.5.0
|
| mahara | mahara |
1.5.1
|
| mahara | mahara |
1.5.2
|
| mahara | mahara |
1.5.3
|
| mahara | mahara |
1.5.4
|
| mahara | mahara |
1.5.6
|
| mahara | mahara |
1.5.7
|
| mahara | mahara |
1.5.8
|
| mahara | mahara |
1.5.9
|
| mahara | mahara |
1.5.10
|
| mahara | mahara |
1.5.11
|
| mahara | mahara |
1.6.0
|
| mahara | mahara |
1.6.1
|
| mahara | mahara |
1.6.2
|
| mahara | mahara |
1.6.3
|
| mahara | mahara |
1.6.4
|
| mahara | mahara |
1.6.5
|
| mahara | mahara |
1.6.6
|
| mahara | mahara |
1.6.7
|
| mahara | mahara |
1.7.
|
| mahara | mahara |
1.7.0
|
| mahara | mahara |
1.7.1
|
| mahara | mahara |
1.7.2
|
| mahara | mahara |
1.7.3
|
References
Weakness Types
CWE-264
CVE Information
- CVE ID:
CVE-2013-4432- Published:
- 2014-05-19
- Modified:
- 2026-05-06
- CVSS Score:
- 4.0
- Severity:
- MEDIUM
- Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N
Affected Vendors
mahara
Quick Actions
CVSS Severity Scale
0.0 - 3.9
LOW
4.0 - 6.9
MEDIUM
7.0 - 8.9
HIGH
9.0 - 10.0
CRITICAL