CVE-2011-2774 Information

Description

The \Reply to message\ feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.

Reference

http://secunia.com/advisories/46719 https://launchpad.net/bugs/798128 https://launchpad.net/mahara/+milestone/1.4.1