Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ushahidi ushahidi platform 2.5 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-2025
Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x up to and including 2.6.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ushahidi Ushahidi Platform 2.6
Ushahidi Ushahidi Platform 2.6.1
Ushahidi Ushahidi Platform 2.5
NA
CVE-2012-3469
Multiple SQL injection vulnerabilities in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_...
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 1.2
NA
CVE-2012-3474
The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform prior to 2.5 allows remote malicious users to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function c...
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 1.2
NA
CVE-2012-3476
Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform prior to 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 1.2
NA
CVE-2012-3470
Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via vectors related to _get_countries functions.
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 1.2
NA
CVE-2012-3472
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform prior to 2.5 does not require authentication, which allows remote malicious users to list, delete, or organize messages via a GET request.
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 1.2
NA
CVE-2012-3475
The installer in the Ushahidi Platform prior to 2.5 omits certain calls to the exit function, which allows remote malicious users to obtain administrative privileges via unspecified vectors.
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 1.2
NA
CVE-2012-3468
Multiple SQL injection vulnerabilities in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settin...
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 1.2
NA
CVE-2012-3471
Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via an incident i...
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 1.2
NA
CVE-2012-3473
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform prior to 2.5 do not require authentication, which allows remote malicious users to generate reports and organize comments via API functions.
Ushahidi Ushahidi Platform 2.1
Ushahidi Ushahidi Platform 2.0
Ushahidi Ushahidi Platform 1.0
Ushahidi Ushahidi Platform 2.2.1
Ushahidi Ushahidi Platform
Ushahidi Ushahidi Platform 2.3.1
Ushahidi Ushahidi Platform 2.2
Ushahidi Ushahidi Platform 2.4
Ushahidi Ushahidi Platform 2.3.2
Ushahidi Ushahidi Platform 1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started