Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-3469
Last Modified: 13 Aug 2012 01:47:44
Published: 12 Aug 2012 05:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-3469

Summary

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.

Vulnerable Systems

Application

  • Ushahidi Platform 1.0

  • Ushahidi Platform 1.2

  • Ushahidi Platform 2.0

  • Ushahidi Platform 2.1

  • Ushahidi Platform 2.2

  • Ushahidi Platform 2.2.1

  • Ushahidi Platform 2.3.1

  • Ushahidi Platform 2.3.2

  • Ushahidi Platform 2.4

  • Ushahidi Platform 2.4.1


References

CONFIRM - https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66

CONFIRM - https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c

CONFIRM - https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919

CONFIRM - https://github.com/ushahidi/Ushahidi_Web/commit/68d9916

MLIST - [oss-security] 20120809 Re: CVE request for Ushahidi


Last Updated: 27 May 2016 10:51:39