Unrated severityNVD Advisory· Published Aug 12, 2012· Updated Apr 29, 2026
CVE-2012-3469
CVE-2012-3469
Description
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.
Affected products
10cpe:2.3:a:ushahidi:ushahidi_platform:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:ushahidi:ushahidi_platform:*:*:*:*:*:*:*:*range: <=2.4.1
- cpe:2.3:a:ushahidi:ushahidi_platform:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ushahidi:ushahidi_platform:2.4:*:*:*:*:*:*:*
Patches
4a11d43chttps://github.com/ushahidi/Ushahidi_Webvia nvd-ref
68d9916https://github.com/ushahidi/Ushahidi_Webvia nvd-ref
6f6a919https://github.com/ushahidi/Ushahidi_Webvia nvd-ref
e0e2b66https://github.com/ushahidi/Ushahidi_Webvia nvd-ref
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/ushahidi/Ushahidi_Web/commit/68d9916nvdExploitPatch
- github.com/ushahidi/Ushahidi_Web/commit/6f6a919nvdExploitPatch
- github.com/ushahidi/Ushahidi_Web/commit/a11d43cnvdExploitPatch
- github.com/ushahidi/Ushahidi_Web/commit/e0e2b66nvdExploitPatch
- openwall.com/lists/oss-security/2012/08/09/5nvd
News mentions
0No linked articles in our index yet.