Vulnerability Details : CVE-2012-2702
The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid.
Products affected by CVE-2012-2702
- cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2702
- EPSS score: 1.76% (probability of exploitation activity in the next 30 days)
- Percentile: ~88% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-2702
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2012-2702
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2702
- http://drupal.org/node/1585532 (Patch; Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75720: Ubercart Product Keys module for Drupal product keys security bypass CVE-2012-2702 Vulnerability Report
- http://www.openwall.com/lists/oss-security/2012/06/14/3: oss-security - Re: CVE Request for Drupal contributed modules
- http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261 (Exploit; Patch)
- http://drupal.org/node/1580752 (Patch; Vendor Advisory)