CVE-2012-2301

Published Nov 16, 2014

Last updated 10 years ago

CVSS info 6.0

Overview

Description: The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 6
Impact score: 6.4
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BCBA1DC-F8A5-4F2F-9752-28CC6C8FFD2D"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.1:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "810AB8A1-2985-4CD1-B35E-7F4409681B5E"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.2:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31A48AE4-6112-41DC-AA23-E41A9C998506"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.3:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86215DE2-5454-4B5C-B8B6-AC6EC6AD428B"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.4:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C60FC17-5C92-4816-9C1D-8F1175216A0E"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.6:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EA1FA09-3303-4CA4-AEEA-FD0E83BC787D"
          },
          {
            "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.7:*:*:*:*:drupal:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83C4A799-5ABE-47D6-83BF-828CFA44EC17"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References