ushahidi CVE 脆弱性と CVE 一覧(11)

製品(CPE): — CVE 件数: 11

ushahidi 脆弱性概要

ushahidi 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

一般的な弱点パターンには vendor risk sql injection、vendor risk cross-site scripting, and パス処理の欠陥 があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact data exposure、vendor impact session compromise, and ファイル上書き などのリスクが生じる可能性があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 111 / 11 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2012-5618 Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. [email protected] 9.8 1.18% 2020-02-04 2026-06-16
CVE-2013-2025 Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. [email protected] 4.3 1.93% 2014-04-25 2026-06-16
CVE-2012-3476 Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name. [email protected] 3.5 1.09% 2012-08-12 2026-06-16
CVE-2012-3475 The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors. [email protected] 7.5 1.51% 2012-08-12 2026-06-16
CVE-2012-3474 The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call. [email protected] 5.0 1.82% 2012-08-12 2026-06-16
CVE-2012-3473 The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions. [email protected] 6.4 2.33% 2012-08-12 2026-06-16
CVE-2012-3472 The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request. [email protected] 6.4 1.31% 2012-08-12 2026-06-16
CVE-2012-3471 Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id. [email protected] 7.5 1.76% 2012-08-12 2026-06-16
CVE-2012-3470 Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions. [email protected] 7.5 1.21% 2012-08-12 2026-06-16
CVE-2012-3469 Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php. [email protected] 7.5 1.32% 2012-08-12 2026-06-16
CVE-2012-3468 Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php. [email protected] 7.5 1.32% 2012-08-12 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence