2 matches found
CVE-2012-3473
The 1 reports API and 2 administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions...
CVE-2012-3473
The CVE concerns Ushahidi Platform prior to version 2.5 where the (1) reports API and (2) the admin feature of the comments API do not require authentication, allowing unauthenticated remote manipulation via API functions (generate reports and organize comments). Root cause: endpoints expose thes...