Ushahidi Platform Security Vulnerabilities and Issues — Ushahidi Platform CVE List

Lucene search

UshahidiUshahidi Platform

9 matches found

CVE•added 2012/08/12 9:55 p.m.•40 views

CVE-2012-3474

The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call.

5CVSS6.3AI score0.0025EPSS

CVE•added 2012/08/12 9:55 p.m.•38 views

CVE-2012-3470

Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions.

7.5CVSS8.7AI score0.00319EPSS

CVE•added 2012/08/12 9:55 p.m.•36 views

CVE-2012-3468

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media ty...

7.5CVSS8.7AI score0.0039EPSS

CVE•added 2012/08/12 9:55 p.m.•35 views

CVE-2012-3476

Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.

3.5CVSS5.3AI score0.00159EPSS

CVE•added 2012/08/12 9:55 p.m.•32 views

CVE-2012-3471

Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id.

7.5CVSS8.8AI score0.00319EPSS

CVE•added 2012/08/12 9:55 p.m.•30 views

CVE-2012-3469

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3)...

7.5CVSS8.7AI score0.00465EPSS

CVE•added 2012/08/12 9:55 p.m.•30 views

CVE-2012-3472

The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.

6.4CVSS6.8AI score0.00527EPSS

CVE•added 2012/08/12 9:55 p.m.•29 views

CVE-2012-3473

The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.

6.4CVSS6.9AI score0.00299EPSS

CVE•added 2012/08/12 9:55 p.m.•29 views

CVE-2012-3475

The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors.

7.5CVSS6.9AI score0.00519EPSS