Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. A particularly structured XML file could cause code execution when being processed.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-48051 Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. A particularly structured XML file could cause code execution when being processed.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 08 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*

Tue, 26 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-502
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 23 Aug 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Mahara
Mahara mahara
Vendors & Products Mahara
Mahara mahara

Fri, 22 Aug 2025 19:15:00 +0000

Type Values Removed Values Added
Description Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. A particularly structured XML file could cause code execution when being processed.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-08-26T14:07:13.114Z

Reserved: 2022-11-10T00:00:00.000Z

Link: CVE-2022-45134

cve-icon Vulnrichment

Updated: 2025-08-26T13:08:34.817Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-22T19:15:37.997

Modified: 2025-09-08T16:33:05.117

Link: CVE-2022-45134

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-23T10:55:07Z