CVE-2012-3473

Ushahidi Platform < 2.4.1 - Authentication Bypass

Title source: rule

Description

The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.

References (3)

Scores

EPSS 0.0030
EPSS Percentile 52.9%

Classification

CWE
CWE-287
Status draft

Affected Products (10)

ushahidi/ushahidi_platform < 2.4.1
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform
ushahidi/ushahidi_platform

Timeline

Published Aug 12, 2012
Tracked Since Feb 18, 2026