NVD Vulnerability Detail

CVE-2012-3471

Summary	Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id.
Publication Date	Aug. 13, 2012, 6:55 a.m.
Registration Date	Jan. 28, 2021, 3 p.m.
Last Update	Nov. 21, 2024, 10:40 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ushahidi:ushahidi_platform:2.1:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:2.0:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:1.0:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform::::::::		2.4.1
cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:2.2:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:2.4:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:1.2:::::::*

Related information, measures and tools

No	URL	タグ
1	http://openwall.com/lists/oss-security/2012/08/09/5
2	http://openwall.com/lists/oss-security/2012/08/09/5
3	https://github.com/ushahidi/Ushahidi_Web/commit/3f14fa0	Exploit Patch
4	https://github.com/ushahidi/Ushahidi_Web/commit/3f14fa0	Exploit Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-89	SQLインジェクション	https://cwe.mitre.org/data/definitions/89.html

JVN Vulnerability Information

Ushahidi Platform における SQL インジェクションの脆弱性

Title	Ushahidi Platform における SQL インジェクションの脆弱性
Summary	Ushahidi Platform の (1) application/controllers/admin/reports.php、および (2) application/controllers/members/reports.php 内の edit 関数には、SQL インジェクションの脆弱性が存在します。
Possible impacts	第三者により、インシデント ID を介して、任意の SQL コマンドを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 12, 2012, midnight
Registration Date	Aug. 14, 2012, 4:49 p.m.
Last Update	Aug. 14, 2012, 4:49 p.m.

Affected System

Ushahidi

Ushahidi Platform 2.5 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-3471	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3471
National Vulnerability Database (NVD)
2	CVE-2012-3471	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3471

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-89	https://jvndb.jvn.jp/ja/cwe/CWE-89.html

ベンダー情報

No	Name	URL
GitHub
1	Fix SQLi in admin and members reports/edit controllers #645	https://github.com/ushahidi/Ushahidi_Web/commit/3f14fa0
Ushahidi
2	Ushahidi Platform	http://ushahidi.com/products/ushahidi-platform

Change Log

No	Changed Details	Date of change
0	[2012年08月14日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ushahidi:ushahidi_platform:2.1:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:2.0:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:1.0:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform::::::::		2.4.1
cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:2.2:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:2.4:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:::::::*
cpe:2.3:a:ushahidi:ushahidi_platform:1.2:::::::*