Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ushahidi ushahidi platform 2.5 vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2
CVE-2013-2025
Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x up to and including 2.6.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ushahidi Ushahidi Platform 2.5Ushahidi Ushahidi Platform 2.6.1Ushahidi Ushahidi Platform 2.6
7.5
CVSSv2
CVE-2012-3475
The installer in the Ushahidi Platform prior to 2.5 omits certain calls to the exit function, which allows remote malicious users to obtain administrative privileges via unspecified vectors.
Ushahidi Ushahidi PlatformUshahidi Ushahidi Platform 2.3.2Ushahidi Ushahidi Platform 2.2.1Ushahidi Ushahidi Platform 1.0Ushahidi Ushahidi Platform 2.2Ushahidi Ushahidi Platform 2.1Ushahidi Ushahidi Platform 2.0Ushahidi Ushahidi Platform 1.2Ushahidi Ushahidi Platform 2.4Ushahidi Ushahidi Platform 2.3.1
7.5
CVSSv2
CVE-2012-3470
Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via vectors related to _get_countries functions.
Ushahidi Ushahidi PlatformUshahidi Ushahidi Platform 2.2Ushahidi Ushahidi Platform 2.0Ushahidi Ushahidi Platform 1.0Ushahidi Ushahidi Platform 2.4Ushahidi Ushahidi Platform 2.3.2Ushahidi Ushahidi Platform 2.3.1Ushahidi Ushahidi Platform 2.2.1Ushahidi Ushahidi Platform 2.1Ushahidi Ushahidi Platform 1.2
6.4
CVSSv2
CVE-2012-3472
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform prior to 2.5 does not require authentication, which allows remote malicious users to list, delete, or organize messages via a GET request.
Ushahidi Ushahidi Platform 2.4Ushahidi Ushahidi Platform 2.3.1Ushahidi Ushahidi Platform 1.2Ushahidi Ushahidi Platform 2.2.1Ushahidi Ushahidi Platform 2.2Ushahidi Ushahidi Platform 2.1Ushahidi Ushahidi Platform 2.0Ushahidi Ushahidi PlatformUshahidi Ushahidi Platform 2.3.2Ushahidi Ushahidi Platform 1.0
6.4
CVSSv2
CVE-2012-3473
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform prior to 2.5 do not require authentication, which allows remote malicious users to generate reports and organize comments via API functions.
Ushahidi Ushahidi Platform 2.4Ushahidi Ushahidi Platform 2.1Ushahidi Ushahidi Platform 1.2Ushahidi Ushahidi Platform 2.3.2Ushahidi Ushahidi Platform 2.3.1Ushahidi Ushahidi Platform 2.2.1Ushahidi Ushahidi Platform 2.2Ushahidi Ushahidi PlatformUshahidi Ushahidi Platform 2.0Ushahidi Ushahidi Platform 1.0
7.5
CVSSv2
CVE-2012-3471
Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via an incident i...
Ushahidi Ushahidi Platform 2.3.1Ushahidi Ushahidi Platform 2.2Ushahidi Ushahidi Platform 2.0Ushahidi Ushahidi Platform 1.2Ushahidi Ushahidi Platform 1.0Ushahidi Ushahidi PlatformUshahidi Ushahidi Platform 2.4Ushahidi Ushahidi Platform 2.3.2Ushahidi Ushahidi Platform 2.2.1Ushahidi Ushahidi Platform 2.1
5
CVSSv2
CVE-2012-3474
The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform prior to 2.5 allows remote malicious users to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function c...
Ushahidi Ushahidi Platform 2.2.1Ushahidi Ushahidi Platform 2.1Ushahidi Ushahidi Platform 2.0Ushahidi Ushahidi Platform 1.2Ushahidi Ushahidi Platform 1.0Ushahidi Ushahidi PlatformUshahidi Ushahidi Platform 2.4Ushahidi Ushahidi Platform 2.3.2Ushahidi Ushahidi Platform 2.3.1Ushahidi Ushahidi Platform 2.2
3.5
CVSSv2
CVE-2012-3476
Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform prior to 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.
Ushahidi Ushahidi PlatformUshahidi Ushahidi Platform 2.0Ushahidi Ushahidi Platform 1.0Ushahidi Ushahidi Platform 2.3.2Ushahidi Ushahidi Platform 2.3.1Ushahidi Ushahidi Platform 2.2.1Ushahidi Ushahidi Platform 2.2Ushahidi Ushahidi Platform 2.4Ushahidi Ushahidi Platform 2.1Ushahidi Ushahidi Platform 1.2
7.5
CVSSv2
CVE-2012-3468
Multiple SQL injection vulnerabilities in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settin...
Ushahidi Ushahidi Platform 2.3.2Ushahidi Ushahidi Platform 2.2.1Ushahidi Ushahidi Platform 2.1Ushahidi Ushahidi Platform 2.0Ushahidi Ushahidi Platform 1.2Ushahidi Ushahidi Platform 1.0Ushahidi Ushahidi PlatformUshahidi Ushahidi Platform 2.4Ushahidi Ushahidi Platform 2.3.1Ushahidi Ushahidi Platform 2.2
7.5
CVSSv2
CVE-2012-3469
Multiple SQL injection vulnerabilities in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_...
Ushahidi Ushahidi PlatformUshahidi Ushahidi Platform 2.3.2Ushahidi Ushahidi Platform 1.0Ushahidi Ushahidi Platform 2.2.1Ushahidi Ushahidi Platform 2.2Ushahidi Ushahidi Platform 2.1Ushahidi Ushahidi Platform 2.0Ushahidi Ushahidi Platform 2.4Ushahidi Ushahidi Platform 2.3.1Ushahidi Ushahidi Platform 1.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook