Critical severity9.1NVD Advisory· Published Nov 24, 2012· Updated Jun 16, 2026
CVE-2012-2239
CVE-2012-2239
Description
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*range: >=1.4.0,<1.4.4
- (no CPE)range: >=1.4.0, <1.4.4; >=1.5.0, <1.5.3
Patches
Vulnerability mechanics
References
3- bugs.launchpad.net/mahara/+bug/1047111nvdIssue TrackingPatch
- mahara.org/interaction/forum/topic.phpnvdVendor Advisory
- www.debian.org/security/2012/dsa-2591nvdMailing List
News mentions
0No linked articles in our index yet.