|Date: (C)2010-04-20 (M)2017-08-18|
|CVSS Score: 5.0||Access Vector: NETWORK|
|Exploitability Subscore: 10.0||Access Complexity: LOW|
|Impact Subscore: 2.9||Authentication: NONE|
| ||Confidentiality: NONE|
| ||Integrity: PARTIAL|
| ||Availability: NONE|
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors.