The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform prior to 2.5 do not require authentication, which allows remote malicious users to generate reports and organize comments via API functions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ushahidi ushahidi platform 2.4 |
||
ushahidi ushahidi platform 2.1 |
||
ushahidi ushahidi platform 1.2 |
||
ushahidi ushahidi platform 2.3.2 |
||
ushahidi ushahidi platform 2.3.1 |
||
ushahidi ushahidi platform 2.2.1 |
||
ushahidi ushahidi platform 2.2 |
||
ushahidi ushahidi platform |
||
ushahidi ushahidi platform 2.0 |
||
ushahidi ushahidi platform 1.0 |