Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2702

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-2702
Last Modified 18 Aug 2012 11:44:34
Published 26 Jun 2012 08:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2702

Summary

The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid.

Vulnerable Systems

Application

  • Tony Freixas Ubercart Product Keys 6.x-1.0


References

MLIST - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules

CONFIRM - http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261

MISC - http://drupal.org/node/1585532

CONFIRM - http://drupal.org/node/1580752

XF - ubercartproductkeys-keys-security-bypass(75720)

SECUNIA - 49169

OSVDB - 82005


Last Updated: 27 May 2016 10:56:35