FreeBSD : mahara -- sql injection vulnerability (5053420c-4935-11df-83fb-0015587e2cc1)
High Nessus Plugin ID 45561
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The Debian security team reports:
It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names.
Solution
Update the affected package.