Unauthenticated Remote Message Manipulation in Ushahidi Platform

Unauthenticated Remote Message Manipulation in Ushahidi Platform

CVE-2012-3472 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:P

The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.

Learn more about our Api Penetration Testing.