FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mahara -- sql injection vulnerability

Affected packages
mahara < 1.1.8

Details

VuXML ID 5053420c-4935-11df-83fb-0015587e2cc1
Discovery 2010-04-06
Entry 2010-04-18

The Debian security team reports:

It was discovered that mahara, an electronic portfolio, weblog, and resume builder is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names.

[source]

References

Bugtraq ID 39253
CVE Name CVE-2010-0400
URL http://www.debian.org/security/2010/dsa-2030

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.