Multiple SQL injection vulnerabilities in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ushahidi ushahidi platform 2.3.2 |
||
ushahidi ushahidi platform 2.2.1 |
||
ushahidi ushahidi platform 2.1 |
||
ushahidi ushahidi platform 2.0 |
||
ushahidi ushahidi platform 1.2 |
||
ushahidi ushahidi platform 1.0 |
||
ushahidi ushahidi platform |
||
ushahidi ushahidi platform 2.4 |
||
ushahidi ushahidi platform 2.3.1 |
||
ushahidi ushahidi platform 2.2 |