Vulnerability Details : CVE-2012-3475
The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors.
Products affected by CVE-2012-3475
- cpe:2.3:a:ushahidi:ushahidi_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-3475
0.52%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 64 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-3475
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2012-3475
-
https://github.com/ushahidi/Ushahidi_Web/commit/7892559
Make sure we redirect quit after redirecting to installer #684 · ushahidi/Ushahidi_Web@7892559 · GitHubPatch
-
http://openwall.com/lists/oss-security/2012/08/09/5
oss-security - Re: CVE request for Ushahidi
-
https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03
Quick fix to installer exploits for hijacking admin user #664 · ushahidi/Ushahidi_Web@fcdad03 · GitHubPatch
Jump to