← back
CVE-2012-3473

CVE-2012-3473

EPSS 2.3%
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://openwall.com/lists/oss-security/2012/08/09/5https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad