Unauthenticated Remote Attackers Can Generate Reports and Organize Comments in Ushahidi Platform

Unauthenticated Remote Attackers Can Generate Reports and Organize Comments in Ushahidi Platform

CVE-2012-3473 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.

Learn more about our Api Penetration Testing.