6.4
CVE-2012-3472
- EPSS 1.32%
- Published 12.08.2012 21:55:01
- Last modified 16.06.2026 23:43:17
- Source secalert@redhat.com
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.
Data provided by the National Vulnerability Database (NVD)
Ushahidi ≫ Ushahidi Platform Version <= 2.4.1
Ushahidi ≫ Ushahidi Platform Version 1.0
Ushahidi ≫ Ushahidi Platform Version 1.2
Ushahidi ≫ Ushahidi Platform Version 2.0
Ushahidi ≫ Ushahidi Platform Version 2.1
Ushahidi ≫ Ushahidi Platform Version 2.2
Ushahidi ≫ Ushahidi Platform Version 2.2.1
Ushahidi ≫ Ushahidi Platform Version 2.3.1
Ushahidi ≫ Ushahidi Platform Version 2.3.2
Ushahidi ≫ Ushahidi Platform Version 2.4
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.32% | 0.67 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 | AV:N/AC:L/Au:N/C:N/I:P/A:P |
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://openwall.com/lists/oss-security/2012/08/09/5
https://github.com/ushahidi/Ushahidi_Web/commit/4c24325