Vulnerability Details CVE-2012-3468
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://openwall.com/lists/oss-security/2012/08/09/5
- https://github.com/ushahidi/Ushahidi_Web/commit/4764792
- https://github.com/ushahidi/Ushahidi_Web/commit/d954093
- https://github.com/ushahidi/Ushahidi_Web/commit/fdb48d1
- http://openwall.com/lists/oss-security/2012/08/09/5
- https://github.com/ushahidi/Ushahidi_Web/commit/4764792
- https://github.com/ushahidi/Ushahidi_Web/commit/d954093
- https://github.com/ushahidi/Ushahidi_Web/commit/fdb48d1
Products affected by CVE-2012-3468
-
cpe:2.3:a:ushahidi:ushahidi_platform:1.0
-
cpe:2.3:a:ushahidi:ushahidi_platform:1.2
-
cpe:2.3:a:ushahidi:ushahidi_platform:2.0
-
cpe:2.3:a:ushahidi:ushahidi_platform:2.1
-
cpe:2.3:a:ushahidi:ushahidi_platform:2.2
-
cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1
-
cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1
-
cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2
-
cpe:2.3:a:ushahidi:ushahidi_platform:2.4
-
cpe:2.3:a:ushahidi:ushahidi_platform:2.4.1