Skip to main content

Ushahidi Platform

10 CVEs product

Monthly

CVE-2013-2025 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Ushahidi Platform
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-3476 LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Ushahidi Platform
NVD GitHub
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-3475 HIGH PATCH This Week

The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ushahidi Platform
NVD GitHub
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-3474 MEDIUM POC PATCH This Month

The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure Ushahidi Platform
NVD GitHub
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-3473 MEDIUM POC PATCH This Month

The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Ushahidi Platform
NVD GitHub
CVSS 2.0
6.4
EPSS
0.3%
CVE-2012-3472 MEDIUM POC PATCH This Month

The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Authentication Bypass Ushahidi Platform
NVD GitHub
CVSS 2.0
6.4
EPSS
0.5%
CVE-2012-3471 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Ushahidi Platform
NVD GitHub
CVSS 2.0
7.5
EPSS
0.3%
CVE-2012-3470 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Ushahidi Platform
NVD GitHub
CVSS 2.0
7.5
EPSS
0.3%
CVE-2012-3469 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Ushahidi Platform
NVD GitHub
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-3468 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Ushahidi Platform
NVD GitHub
CVSS 2.0
7.5
EPSS
0.4%
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Ushahidi Platform
NVD GitHub VulDB
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Ushahidi Platform
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ushahidi Platform
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure Ushahidi Platform
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM POC PATCH This Month

The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Ushahidi Platform
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM POC PATCH This Month

The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Authentication Bypass Ushahidi Platform
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Ushahidi Platform
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Ushahidi Platform
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Ushahidi Platform
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Ushahidi Platform
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy