Security Advisory

CVE-2012-3472

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-08-12 21:00:00

Last updated 2024-09-16 17:43:45

Assigner redhat

State PUBLISHED

Description

The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.

← Browse all CVEs View on cve.org ↗