cvedb.io
CVE-2021-43264
LOW · CVSS 3.3
EPSS exploitation probability: 0%
Published 2021-11-02T22:15:09.027 · Last modified 2026-06-17T04:10:44.987

Summary

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character.

Affected products

mahara — mahara

Does this affect you?

Add your gear to cvedb and we'll alert you only when mahara ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.