Ushahidi

Ushahidi Platform

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2013-2025

Exploit
  • EPSS 0.37%
  • Veröffentlicht 25.04.2014 17:12:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2012-3468

Exploit
  • EPSS 0.39%
  • Veröffentlicht 12.08.2012 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in app...

7.5

CVE-2012-3469

Exploit
  • EPSS 0.47%
  • Veröffentlicht 12.08.2012 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) applica...

7.5

CVE-2012-3470

Exploit
  • EPSS 0.32%
  • Veröffentlicht 12.08.2012 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions.

7.5

CVE-2012-3471

Exploit
  • EPSS 0.32%
  • Veröffentlicht 12.08.2012 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL comm...

6.4

CVE-2012-3472

Exploit
  • EPSS 0.53%
  • Veröffentlicht 12.08.2012 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.

6.4

CVE-2012-3473

Exploit
  • EPSS 0.3%
  • Veröffentlicht 12.08.2012 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.

5

CVE-2012-3474

Exploit
  • EPSS 0.25%
  • Veröffentlicht 12.08.2012 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment...

7.5

CVE-2012-3475

  • EPSS 0.52%
  • Veröffentlicht 12.08.2012 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors.

3.5

CVE-2012-3476

Exploit
  • EPSS 0.16%
  • Veröffentlicht 12.08.2012 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vect...