CVE-2012-3468

Ushahidi Platform < 2.5 - SQL Injection via Alerts Verify, Settings Save, or Timeline Media Type

Description

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php.

Scores

EPSS 0.0132
EPSS Percentile 67.2%

Details

CWE CWE-89
Status published
Products (10)
ushahidi/ushahidi_platform 1.0
ushahidi/ushahidi_platform 1.2
ushahidi/ushahidi_platform 2.0
ushahidi/ushahidi_platform 2.1
ushahidi/ushahidi_platform 2.2
ushahidi/ushahidi_platform 2.2.1
ushahidi/ushahidi_platform 2.3.1
ushahidi/ushahidi_platform 2.3.2
ushahidi/ushahidi_platform 2.4
ushahidi/ushahidi_platform < 2.4.1
Published Aug 12, 2012
Tracked Since Feb 18, 2026