Mahara Directory Traversal Vulnerability Allowing Unauthorized File Downloads

Vulnerability

A directory traversal vulnerability has been identified in Mahara versions 23.04.8 and 24.04.4. An attacker can use a malicious export download URL to access and download files without proper authorization.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure by allowing attackers to download restricted files.

Remediation

Users can update to Mahara 23.04.9 or 24.04.5, both of which include the necessary fix. Instructions for updating Mahara are available on the Mahara wiki.

Added: Aug 26, 2025, 9:17 PM
Updated: Aug 26, 2025, 9:17 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.