Comment 5 for bug 1942903

For the security forum post:

Vulnerability type: Code execution
Attack type: Local
Impact: Ability to gain privileges

Affected components: Exporting of collections with PDF export enabled
Attack vectors: If a person names a collection in a certain way then on exporting it can cause the name to be executed as a command.

Suggested description: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could cause code execution.

Reported by: Dominic Couture
Bug report: https://bugs.launchpad.net/mahara/+bug/1942903
CVE reference: TBC