![icon](https://www.mend.io/vulnerability-database/wp-content/themes/whitesource/img/search_cube.png)
We found results for “”
CVE-2012-3473
Good to know:
![A fix is available icon](https://www.mend.io/vulnerability-database//wp-content/themes/whitesource/img/icon2.png)
Date: October 3, 2022
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Authentication Issues
CWE-287Top Fix
![icon](https://www.mend.io/vulnerability-database//wp-content/themes/whitesource/img/sec5.png)
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |