VYPR
Critical severity9.1NVD Advisory· Published Nov 24, 2012· Updated Jun 16, 2026

CVE-2012-2239

CVE-2012-2239

Description

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*range: >=1.4.0,<1.4.4
    • (no CPE)range: >=1.4.0, <1.4.4; >=1.5.0, <1.5.3
  • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.