Comment 0 for bug 1480329

Hi, this is Abdullah,

I found a CSRF that makes a user upload files to any group without him knowing it. It can be used to attack admins to upload evil files.

PoC:


The fix:

Check that sesskey is valid in (groupfiles.php).

I hope you will put my name in the release notes.

Is there a CVE for this bug?


I used the latest version of Mahara.