Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.
Ushahidi before
Exploit
CVE-2012-5618
NVD
Refer to CVE-2012-5618 NVD advisory