CVE-2022-33913

EUVD-2022-36950
In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

EPSS Score
Percentile: 46%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| mahara | mahara | 21.04.0 ≤ 𝑥 < 21.04.6 |
| mahara | mahara | 21.10.0 ≤ 𝑥 < 21.10.4 |
| mahara | mahara | 22.04.2 |

𝑥 = Vulnerable software versions