Ushahidi Security Bulletin

Ushahidi
Dec 12, 2011

A critical security vulnerability was discovered in the 2.1 release of Ushahidi. A fix had been posted but we were recently notified that this fix was not reflected in the version of the Ushahidi platform available for download at download.ushahidi.com. This vulnerability allows for unapproved reports to be viewable via search. A patch has been posted and we recommend that you update your files immediately. We would like to extend our thanks to community members George Chamales and Rob Munro for their assistance. Advisory ID: USHAHIDI-SA-WEB-2011-002 Project: Ushahidi-Web Version: 2.1 Date: 2012-12-12 Security Risk: Critical Vulnerability: Unapproved reports show up in search Fix/Patch: Replace /application/controllers/search.php with this file. To see all security alerts, please see: http://security.ushahidi.com/ This information will also be shared on our Ushahidi Developer mailing list, skype chat and social media channels.