CVE-2012-3472

Ushahidi Platform < 2.4.1 - Authentication Bypass

Title source: rule

Description

The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.

References (2)

Scores

EPSS 0.0053
EPSS Percentile 66.8%

Classification

CWE
CWE-287
Status draft

Affected Products (10)

ushahidi/ushahidi_platform < 2.4.1
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform

Timeline

Published Aug 12, 2012
Tracked Since Feb 18, 2026