Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-hw55-mmfj-rqr3

Опубликовано: 17 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.

Ссылки

EPSS

Процентиль: 64%
0.00465
Низкий

CVE ID

CVE-2012-3469

Дефекты

CWE-89

Связанные уязвимости

nvd логотип

CVE-2012-3469

nvd
больше 13 лет назад

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.

EPSS

Процентиль: 64%
0.00465
Низкий

CVE ID

CVE-2012-3469

Дефекты

CWE-89