CVE-2022-45134
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-09-08
Assigner: MITRE
Description
Description
Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. A particularly structured XML file could cause code execution when being processed.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mahara | mahara | From 21.10.0 (inc) to 21.10.6 (exc) |
| mahara | mahara | From 22.04.0 (inc) to 22.04.4 (exc) |
| mahara | mahara | From 22.10.0 (inc) to 22.10.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Mahara versions before 21.10.6, 22.04.4, and 22.10.1 involves unsafe deserialization of user input during the skin import process. Specifically, a specially crafted XML file can trigger code execution when processed by the application.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to execute arbitrary code on the affected system by submitting a specially structured XML file during skin import. This could lead to unauthorized control over the system, data compromise, or further attacks.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70