cpe:/a:ubercart:ubercart:5.x-1.0 cpe:/a:ubercart:ubercart:5.x-1.0:alpha1 cpe:/a:ubercart:ubercart:5.x-1.0:alpha2 cpe:/a:ubercart:ubercart:5.x-1.0:alpha3 cpe:/a:ubercart:ubercart:5.x-1.0:alpha4 cpe:/a:ubercart:ubercart:5.x-1.0:alpha5 cpe:/a:ubercart:ubercart:5.x-1.0:alpha6 cpe:/a:ubercart:ubercart:5.x-1.0:alpha6b cpe:/a:ubercart:ubercart:5.x-1.0:alpha6c cpe:/a:ubercart:ubercart:5.x-1.0:alpha7 cpe:/a:ubercart:ubercart:5.x-1.0:alpha7b cpe:/a:ubercart:ubercart:5.x-1.0:alpha7c cpe:/a:ubercart:ubercart:5.x-1.0:alpha7d cpe:/a:ubercart:ubercart:5.x-1.0:alpha7e cpe:/a:ubercart:ubercart:5.x-1.0:alpha8 cpe:/a:ubercart:ubercart:5.x-1.0:beta1 cpe:/a:ubercart:ubercart:5.x-1.0:beta2 cpe:/a:ubercart:ubercart:5.x-1.0:beta3 cpe:/a:ubercart:ubercart:5.x-1.0:beta4 cpe:/a:ubercart:ubercart:5.x-1.0:beta5 cpe:/a:ubercart:ubercart:5.x-1.0:beta6 cpe:/a:ubercart:ubercart:5.x-1.0:beta7 cpe:/a:ubercart:ubercart:5.x-1.0:rc1 cpe:/a:ubercart:ubercart:5.x-1.0:rc2 cpe:/a:ubercart:ubercart:5.x-1.0:rc3 cpe:/a:ubercart:ubercart:5.x-1.0:rc4 cpe:/a:ubercart:ubercart:5.x-1.0:rc5 cpe:/a:ubercart:ubercart:5.x-1.1 cpe:/a:ubercart:ubercart:5.x-1.2 cpe:/a:ubercart:ubercart:5.x-1.3 cpe:/a:ubercart:ubercart:5.x-1.3:rc1 cpe:/a:ubercart:ubercart:5.x-1.4 cpe:/a:ubercart:ubercart:5.x-1.5 cpe:/a:ubercart:ubercart:5.x-1.6 cpe:/a:ubercart:ubercart:5.x-1.7 cpe:/a:ubercart:ubercart:5.x-1.8 cpe:/a:ubercart:ubercart:6.x-2.0 cpe:/a:ubercart:ubercart:6.x-2.0:beta1 cpe:/a:ubercart:ubercart:6.x-2.0:beta2 cpe:/a:ubercart:ubercart:6.x-2.0:beta3 cpe:/a:ubercart:ubercart:6.x-2.0:beta4 cpe:/a:ubercart:ubercart:6.x-2.0:beta5 cpe:/a:ubercart:ubercart:6.x-2.0:beta6 cpe:/a:ubercart:ubercart:6.x-2.0:dev cpe:/a:ubercart:ubercart:6.x-2.0:rc1 cpe:/a:ubercart:ubercart:6.x-2.0:rc2 cpe:/a:ubercart:ubercart:6.x-2.0:rc3 cpe:/a:ubercart:ubercart:6.x-2.0:rc4 cpe:/a:ubercart:ubercart:6.x-2.0:rc5 cpe:/a:ubercart:ubercart:6.x-2.0:rc6 cpe:/a:ubercart:ubercart:6.x-2.0:rc7 CVE-2009-4771 2010-04-20T10:30:01.413-04:00 2017-08-16T21:31:44.947-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2010-04-21T09:23:00.000-04:00 BID 37058 SECUNIA 37440 OSVDB 60290 CONFIRM http://drupal.org/node/636576 XF ubercart-orders-security-bypass(54346) The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors.