CVE-2012-3475

The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ushahidiushahidi_platform
𝑥
≤ 2.4.1
ushahidiushahidi_platform
1.0
ushahidiushahidi_platform
1.2
ushahidiushahidi_platform
2.0
ushahidiushahidi_platform
2.1
ushahidiushahidi_platform
2.2
ushahidiushahidi_platform
2.2.1
ushahidiushahidi_platform
2.3.1
ushahidiushahidi_platform
2.3.2
ushahidiushahidi_platform
2.4
𝑥
= Vulnerable software versions
References
http://openwall.com/lists/oss-security/2012/08/09/5
https://github.com/ushahidi/Ushahidi_Web/commit/7892559
https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03
http://openwall.com/lists/oss-security/2012/08/09/5
https://github.com/ushahidi/Ushahidi_Web/commit/7892559
https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03