Ushahidi

ushahidi

11 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Ushahidi Platform

ushahidi_platform

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-5618 1Ushahidi 1Ushahidi Nov 21, 2024 Feb 4, 2020 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.
CVE-2013-2025 1Ushahidi 1Ushahidi Platform May 6, 2026 Apr 25, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-3476 1Ushahidi 1Ushahidi Platform Apr 29, 2026 Aug 12, 2012 N/A· v4 N/A· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitra...Show more Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.Show less
CVE-2012-3475 1Ushahidi 1Ushahidi Platform Apr 29, 2026 Aug 12, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors.
CVE-2012-3474 1Ushahidi 1Ushahidi Platform Apr 29, 2026 Aug 12, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attribu...Show more The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call.Show less
CVE-2012-3473 1Ushahidi 1Ushahidi Platform Apr 29, 2026 Aug 12, 2012 N/A· v4 N/A· v3 6.4 MEDIUM· v2 The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API fu...Show more The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.Show less
CVE-2012-3472 1Ushahidi 1Ushahidi Platform Apr 29, 2026 Aug 12, 2012 N/A· v4 N/A· v3 6.4 MEDIUM· v2 The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET reques...Show more The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.Show less
CVE-2012-3471 1Ushahidi 1Ushahidi Platform Apr 29, 2026 Aug 12, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers...Show more Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id.Show less
CVE-2012-3470 1Ushahidi 1Ushahidi Platform Apr 29, 2026 Aug 12, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_cou...Show more Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions.Show less
CVE-2012-3469 1Ushahidi 1Ushahidi Platform Apr 29, 2026 Aug 12, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/a...Show more Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.Show less
CVE-2012-3468 1Ushahidi 1Ushahidi Platform Apr 29, 2026 Aug 12, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2...Show more Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php.Show less