CVE-2022-33913

CVSS 7.5 - HIGH

Description

In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.

Affected Products

3

Vendor	Product	Version
mahara	mahara	`All versions`
mahara	mahara	`All versions`
mahara	mahara	`22.04.2`

References

https://mahara.org/interaction/forum/topic.php?id=...

https://mahara.org/interaction/forum/topic.php?id=...

Weakness Types

CWE-862

CVE Information

CVE ID:: CVE-2022-33913
Published:: 2022-06-20
Modified:: 2024-11-21
CVSS Score:: 7.5
Severity:: HIGH
Vector:: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Vendors

mahara

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL