Description
An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download.
References
mahara.org/interaction/forum/view.php?id=43
mahara.org/interaction/forum/topic.php?id=9594
