[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-2702Date: (C)2012-06-26   (M)2023-12-22


The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-49169
OSVDB-82005
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://drupal.org/node/1580752
http://drupal.org/node/1585532
http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261
ubercartproductkeys-keys-security-bypass(75720)

CPE    8
cpe:/a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha2
cpe:/a:tony_freixas:ubercart_product_keys:6.x-1.0
cpe:/a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha3
cpe:/a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha1
...
CWE    1
CWE-264

© SecPod Technologies