Unauthenticated Remote Attackers Can Generate Reports and Organize Comments in Ushahidi Platform
CVE-2012-3473 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:P/A:N
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.
Learn more about our Api Penetration Testing.