Unauthenticated Remote Message Manipulation in Ushahidi Platform
CVE-2012-3472 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:P
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.
Learn more about our Api Penetration Testing.