CVE-2012-3473
Ushahidi Platform < 2.5 - Unauthenticated Report Creation and Comment Organization via API
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.
References (3)
https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4 (Exploit, Patch; x_refsource_confirm)
http://openwall.com/lists/oss-security/2012/08/09/5 (Mailing List; mailing-list, x_refsource_mlist)
https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad (Patch; x_refsource_confirm)
Scores
EPSS: 0.0233
EPSS Percentile: 81.3%
Details
CWE: CWE-287
Status: published
Products (10)
ushahidi/ushahidi_platform: 1.0, 1.2, 2.0, 2.1, 2.2, 2.2.1, 2.3.1, 2.3.2, 2.4, < 2.4.1
Published: Aug 12, 2012
Tracked Since: Feb 18, 2026