VYPR
High severity8.8NVD Advisory· Published Nov 3, 2017· Updated Jun 17, 2026

CVE-2017-1000148

CVE-2017-1000148

Description

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

19
  • cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*
    • (no CPE)range: <15.04.8, <15.10.4, <16.04.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.