Vulnerability type: Code execution
Attack type: Local
Impact: Ability to gain privileges
Affected components: Exporting of collections with PDF export enabled
Attack vectors: If a person names a collection in a certain way then on exporting it can cause the name to be executed as a command.
Suggested description: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could cause code execution.
For the security forum post:
Vulnerability type: Code execution
Attack type: Local
Impact: Ability to gain privileges
Affected components: Exporting of collections with PDF export enabled
Attack vectors: If a person names a collection in a certain way then on exporting it can cause the name to be executed as a command.
Suggested description: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could cause code execution.
Reported by: Dominic Couture /bugs.launchpad .net/mahara/ +bug/1942903
Bug report: https:/
CVE reference: TBC