CVE-2018-11196 Information
Feb 14, 2021
cve
Description
Mahara 17.04 before 17.04.8, 17.10 before 17.10.5, and 18.04 before 18.04.1 can be used as a medium to transmit viruses by placing infected files into a Leap2A archive and uploading it to Mahara. In contrast to other uploaded ZIP files, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Reference
https://bugs.launchpad.net/bugs/1770535
https://mahara.org/interaction/forum/topic.php?id=8270
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
7.5
Base Severity
HIGH