CVE-2012-3474

Published: Aug 12, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call.

Affected (10)

Products: Ushahidi: Ushahidi Platform

Ushahidi

1 product

Ushahidi Platform

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Ushahidi Ushahidi Platform	Up to 2.4.1
Ushahidi Ushahidi Platform	Version 1.0
Ushahidi Ushahidi Platform	Version 1.2
Ushahidi Ushahidi Platform	Version 2.0
Ushahidi Ushahidi Platform	Version 2.1
Ushahidi Ushahidi Platform	Version 2.2.1
Ushahidi Ushahidi Platform	Version 2.2
Ushahidi Ushahidi Platform	Version 2.3.1
Ushahidi Ushahidi Platform	Version 2.3.2
Ushahidi Ushahidi Platform	Version 2.4

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://openwall.com/lists/oss-security/2012/08/09/5

Source: secalert@redhat.com

https://github.com/ushahidi/Ushahidi_Web/commit/529f353

Source: secalert@redhat.com

ExploitPatch

http://openwall.com/lists/oss-security/2012/08/09/5

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/ushahidi/Ushahidi_Web/commit/529f353

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.