CVE-2024-47192
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-26
Last updated on: 2025-09-05
Assigner: MITRE
Description
Description
An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mahara | mahara | to 23.04.9 (exc) |
| mahara | mahara | From 24.04.0 (inc) to 24.04.5 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-494 | The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Mahara versions 23.04.8 and 24.04.4 allows an attacker to use a malicious export download URL to download files that they are not authorized to access.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive or restricted files, potentially exposing confidential information to attackers.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70