CVE-2022-44544

CVSS 9.8 - CRITICAL
Description

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.

Affected Products
5
Vendor Product Version
mahara mahara All versions
mahara mahara All versions
mahara mahara All versions
mahara mahara 22.10.0
canonical ubuntu_linux 18.04
References
https://bugs.launchpad.net/mahara/+bug/1979575
https://mahara.org/interaction/forum/topic.php?id=...
https://bugs.launchpad.net/mahara/+bug/1979575
https://mahara.org/interaction/forum/topic.php?id=...
Weakness Types
NVD-CWE-Other CWE-250
CVE Information
CVE ID:
CVE-2022-44544
Published:
2022-11-06
Modified:
2025-05-02
CVSS Score:
9.8
Severity:
CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Vendors
canonical mahara
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL