Lucene search

RedhatCVE-2012-3471

HistoryAug 12, 2012 - 9:55 p.m.

CVE-2012-3471

2012-08-1221:55:01

CWE-89

redhat

web.nvd.nist.gov

cve

2012

3471

sql injection

ushahidi platform

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.001

Percentile

44.3%

JSON

Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id.

Affected configurations

Nvd

Node

ushahidiushahidi_platformRange≤2.4.1

ushahidiushahidi_platformMatch1.0

ushahidiushahidi_platformMatch1.2

ushahidiushahidi_platformMatch2.0

ushahidiushahidi_platformMatch2.1

ushahidiushahidi_platformMatch2.2

ushahidiushahidi_platformMatch2.2.1

ushahidiushahidi_platformMatch2.3.1

ushahidiushahidi_platformMatch2.3.2

ushahidiushahidi_platformMatch2.4

VendorProductVersionCPE
ushahidiushahidi_platform*cpe:2.3:a:ushahidi:ushahidi_platform:*:*:*:*:*:*:*:*
ushahidiushahidi_platform1.0cpe:2.3:a:ushahidi:ushahidi_platform:1.0:*:*:*:*:*:*:*
ushahidiushahidi_platform1.2cpe:2.3:a:ushahidi:ushahidi_platform:1.2:*:*:*:*:*:*:*
ushahidiushahidi_platform2.0cpe:2.3:a:ushahidi:ushahidi_platform:2.0:*:*:*:*:*:*:*
ushahidiushahidi_platform2.1cpe:2.3:a:ushahidi:ushahidi_platform:2.1:*:*:*:*:*:*:*
ushahidiushahidi_platform2.2cpe:2.3:a:ushahidi:ushahidi_platform:2.2:*:*:*:*:*:*:*
ushahidiushahidi_platform2.2.1cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:*:*:*:*:*:*:*
ushahidiushahidi_platform2.3.1cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:*:*:*:*:*:*:*
ushahidiushahidi_platform2.3.2cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:*:*:*:*:*:*:*
ushahidiushahidi_platform2.4cpe:2.3:a:ushahidi:ushahidi_platform:2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ushahidi	ushahidi_platform	*	cpe:2.3:a:ushahidi:ushahidi_platform::::::::
ushahidi	ushahidi_platform	1.0	cpe:2.3:a:ushahidi:ushahidi_platform:1.0:::::::*
ushahidi	ushahidi_platform	1.2	cpe:2.3:a:ushahidi:ushahidi_platform:1.2:::::::*
ushahidi	ushahidi_platform	2.0	cpe:2.3:a:ushahidi:ushahidi_platform:2.0:::::::*
ushahidi	ushahidi_platform	2.1	cpe:2.3:a:ushahidi:ushahidi_platform:2.1:::::::*
ushahidi	ushahidi_platform	2.2	cpe:2.3:a:ushahidi:ushahidi_platform:2.2:::::::*
ushahidi	ushahidi_platform	2.2.1	cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:::::::*
ushahidi	ushahidi_platform	2.3.1	cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:::::::*
ushahidi	ushahidi_platform	2.3.2	cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:::::::*
ushahidi	ushahidi_platform	2.4	cpe:2.3:a:ushahidi:ushahidi_platform:2.4:::::::*

References

openwall.com/lists/oss-security/2012/08/09/5

github.com/ushahidi/Ushahidi_Web/commit/3f14fa0

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.001

Percentile

44.3%

JSON

Related for CVE-2012-3471