CVE-2013-4432

Published: May 19, 2014Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.

Affected (27)

Products: Mahara: Mahara

Mahara

1 product

Mahara

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Mahara Mahara	Up to 1.5.12
Mahara Mahara	Version 1.5.0
Mahara Mahara	Version 1.5.10
Mahara Mahara	Version 1.5.11
Mahara Mahara	Version 1.5.1
Mahara Mahara	Version 1.5.2
Mahara Mahara	Version 1.5.3
Mahara Mahara	Version 1.5.4
Mahara Mahara	Version 1.5.6
Mahara Mahara	Version 1.5.7
Mahara Mahara	Version 1.5.8
Mahara Mahara	Version 1.5.9
Mahara Mahara	Version 1.5 rc1
Mahara Mahara	Version 1.5 rc2

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Mahara Mahara	Version 1.6.0
Mahara Mahara	Version 1.6.1
Mahara Mahara	Version 1.6.2
Mahara Mahara	Version 1.6.3
Mahara Mahara	Version 1.6.4
Mahara Mahara	Version 1.6.5
Mahara Mahara	Version 1.6.6
Mahara Mahara	Version 1.6.7