cvelist/2017/1000xxx/CVE-2017-1000148.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
      "DATE_ASSIGNED" : "2017-08-22T17:29:33.359481",
      "ID" : "CVE-2017-1000148",
      "REQUESTER" : "info@mahara.org",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Mahara",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "<15.04.8, <15.10.4, <16.04.2"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Mahara"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP \"unserialize()\" function when importing a skin from an XML file."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "PHP injection"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://bugs.launchpad.net/mahara/+bug/1508684",
            "refsource" : "MISC",
            "url" : "https://bugs.launchpad.net/mahara/+bug/1508684"
         }
      ]
   }
}
CVEs for Mahara 2017-11-02 09:52:55 -06:00			`{`
- Synchronized data. 2017-11-03 14:04:51 -04:00			`"CVE_data_meta" : {`
			`"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",`
			`"DATE_ASSIGNED" : "2017-08-22T17:29:33.359481",`
			`"ID" : "CVE-2017-1000148",`
			`"REQUESTER" : "info@mahara.org",`
			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
CVEs for Mahara 2017-11-02 09:52:55 -06:00			`{`
- Synchronized data. 2017-11-03 14:04:51 -04:00			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "Mahara",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "<15.04.8, <15.10.4, <16.04.2"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "Mahara"`
CVEs for Mahara 2017-11-02 09:52:55 -06:00			`}`
- Synchronized data. 2017-11-03 14:04:51 -04:00			`]`
			`}`
			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP \"unserialize()\" function when importing a skin from an XML file."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "PHP injection"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://bugs.launchpad.net/mahara/+bug/1508684",`
			`"refsource" : "MISC",`
- Synchronized data. 2017-11-03 14:04:51 -04:00			`"url" : "https://bugs.launchpad.net/mahara/+bug/1508684"`
			`}`
			`]`
			`}`
CVEs for Mahara 2017-11-02 09:52:55 -06:00			`}`