Unrated severityNVD Advisory· Published Aug 12, 2012· Updated Apr 29, 2026
CVE-2012-3468
CVE-2012-3468
Description
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php.
Affected products
10cpe:2.3:a:ushahidi:ushahidi_platform:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:ushahidi:ushahidi_platform:*:*:*:*:*:*:*:*range: <=2.4.1
- cpe:2.3:a:ushahidi:ushahidi_platform:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.4:*:*:*:*:*:*:*
Patches
34764792https://github.com/ushahidi/Ushahidi_Webvia nvd-ref
d954093https://github.com/ushahidi/Ushahidi_Webvia nvd-ref
fdb48d1https://github.com/ushahidi/Ushahidi_Webvia nvd-ref
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/ushahidi/Ushahidi_Web/commit/4764792nvdExploitPatch
- github.com/ushahidi/Ushahidi_Web/commit/d954093nvdExploitPatch
- github.com/ushahidi/Ushahidi_Web/commit/fdb48d1nvdExploitPatch
- openwall.com/lists/oss-security/2012/08/09/5nvd
News mentions
0No linked articles in our index yet.