VIR Vulnerability Intelligence Relay

CVE-2012-3470

high
Published 2012-08-12 · Modified 2026-04-29
CVSS v3
CVSS v2
7.5
VIR risk
7.5

Description

Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/ushahidi/Ushahidi_Web/commit/3301e48

Application impact
VendorProductVersionsFixed
ushahidiushahidi_platform{"endIncluding":"2.4.1"}
ushahidiushahidi_platform1.0
ushahidiushahidi_platform1.2
ushahidiushahidi_platform2.0
ushahidiushahidi_platform2.1
ushahidiushahidi_platform2.2
ushahidiushahidi_platform2.2.1
ushahidiushahidi_platform2.3.1
ushahidiushahidi_platform2.3.2
ushahidiushahidi_platform2.4

References

CWEs

CWE-89

Verify integrity in audit chain (admin only). AS-IS.