Multiple SQL injection vulnerabilities in the Ushahidi Platform prior to 2.5 allow remote malicious users to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ushahidi ushahidi platform |
||
ushahidi ushahidi platform 2.3.2 |
||
ushahidi ushahidi platform 1.0 |
||
ushahidi ushahidi platform 2.2.1 |
||
ushahidi ushahidi platform 2.2 |
||
ushahidi ushahidi platform 2.1 |
||
ushahidi ushahidi platform 2.0 |
||
ushahidi ushahidi platform 2.4 |
||
ushahidi ushahidi platform 2.3.1 |
||
ushahidi ushahidi platform 1.2 |