CVE-2024-47853

Published: Aug 26, 2025Modified: Sep 22, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI).

Affected (2)

Products: Mahara: Mahara

Mahara

1 product

Mahara

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mahara Mahara	Before 23.04.9
Mahara Mahara	From 24.04.0 to 24.04.5

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://mahara.org/interaction/forum/topic.php?id=9594

Source: cve@mitre.org

Vendor Advisory

https://www.mahara.org

Source: cve@mitre.org

Product

Timeline

No history available yet.