CVE-2012-2239

{"id": "CVE-2012-2239", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2012-11-24T20:55:02.087", "references": [{"url": "http://www.debian.org/security/2012/dsa-2591", "tags": ["Mailing List"], "source": "[email protected]"}, {"url": "https://bugs.launchpad.net/mahara/+bug/1047111", "tags": ["Issue Tracking", "Patch"], "source": "[email protected]"}, {"url": "https://mahara.org/interaction/forum/topic.php?id=4869", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.debian.org/security/2012/dsa-2591", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.launchpad.net/mahara/+bug/1047111", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://mahara.org/interaction/forum/topic.php?id=4869", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php."}, {"lang": "es", "value": "Mahara v1.4.x anterior a v1.4.4 y v1.5.x anterior a v1.5.3 permite a atacantes remotos leer archivos arbitrarios o crear conexiones TCP a trav\u00e9s de un ataque de inyecci\u00f3n en una entidad XML externa (XXE), como se demuestra por la lectura de config.php."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "611F8B3B-24B5-48F5-8B00-34D963456F31", "versionEndExcluding": "1.4.4", "versionStartIncluding": "1.4.0"}, {"criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9347221B-9020-44E1-B9E7-13C95FBD8633", "versionEndExcluding": "1.5.3", "versionStartIncluding": "1.5.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}