FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mahara -- sql injection vulnerability

Affected packages
mahara < 1.1.8

Details

VuXML ID 5053420c-4935-11df-83fb-0015587e2cc1
Discovery 2010-04-06
Entry 2010-04-18

The Debian security team reports:

It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names.

References

Bugtraq ID 39253
CVE Name CVE-2010-0400
URL http://www.debian.org/security/2010/dsa-2030