Back to search
CVE-2012-3472
Published: Aug 12, 2012
Modified: Sep 16, 2024
PUBLISHED
Description
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20120809 Re: CVE request for Ushahidi
mailing-list
x_refsource_MLIST
https://github.com/ushahidi/Ushahidi_Web/commit/4c24325
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now