CVE-2012-3469 Information

Description

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.

Reference

http://openwall.com/lists/oss-security/2012/08/09/5
https://github.com/ushahidi/Ushahidi_Web/commit/68d9916
https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919
https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c
https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66
