CVE-2012-3468 Information

Description

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php.

Reference

http://openwall.com/lists/oss-security/2012/08/09/5
https://github.com/ushahidi/Ushahidi_Web/commit/4764792
https://github.com/ushahidi/Ushahidi_Web/commit/d954093
https://github.com/ushahidi/Ushahidi_Web/commit/fdb48d1
