Mahara

  1. Series 20.10
  2. Bug #1930471
  3. Comment #3

Comment 3 for bug 1930471

Revision history for this message
Robert Lyon (robertl-9) wrote :

A potential exploit example

Making a username be:

='file:///etc/passwd'#$passwd.A1

then selecting person via Admin -> People page and exporting CSV of them