Ubercart : Security vulnerabilities, CVEs published in 2010

Copy

CVE-2009-4773

Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Max CVSS

6.8

EPSS Score

0.21%

Published

2010-04-20

Updated

2017-08-17

CVE-2009-4772

Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors.

Max CVSS

4.3

EPSS Score

0.26%

Published

2010-04-20

Updated

2017-08-17

CVE-2009-4771

The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors.

Max CVSS

5.0

EPSS Score

0.44%

Published

2010-04-20

Updated

2017-08-17

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!