CVE-2012-3473 Information

Description

The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.

Reference

http://openwall.com/lists/oss-security/2012/08/09/5
https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4
https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad
