Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ushahidi ushahidi platform 2.5 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-2025
Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x up to and including 2.6.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ushahidi Ushahidi Platform 2.5
Ushahidi Ushahidi Platform 2.6.1
Ushahidi Ushahidi Platform 2.6
7.5
CVSSv2
CVE-2012-3475
The installer in the Ushahidi Platform prior to 2.5 omits certain calls to the exit function, which allows remote malicious users to obtain administrative privileges via unspecified vectors.
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.2
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.1
7.5
CVSSv2
CVE-2012-3470
Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via vectors related to _get_countries functions.
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 1.2
6.4
CVSSv2
CVE-2012-3472
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform prior to 2.5 does not require authentication, which allows remote malicious users to list, delete, or organize messages via a GET request.
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 1.2
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 1.0
6.4
CVSSv2
CVE-2012-3473
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform prior to 2.5 do not require authentication, which allows remote malicious users to generate reports and organize comments via API functions.
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 1.2
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.0
7.5
CVSSv2
CVE-2012-3471
Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via an incident i...
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.2
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform 2.1
5
CVSSv2
CVE-2012-3474
The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform prior to 2.5 allows remote malicious users to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function c...
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.2
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2
3.5
CVSSv2
CVE-2012-3476
Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform prior to 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 1.2
7.5
CVSSv2
CVE-2012-3468
Multiple SQL injection vulnerabilities in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settin...
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.2
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2
7.5
CVSSv2
CVE-2012-3469
Multiple SQL injection vulnerabilities in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_...
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 1.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started