CVE-2012-3473
N/A
N/A
Summary
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4
- http://openwall.com/lists/oss-security/2012/08/09/5
- https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad
References
- https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4
- http://openwall.com/lists/oss-security/2012/08/09/5
- https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.