CVE-2012-2702

Published Jun 27, 2012

Last updated 7 years ago

Overview

Description: The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73A2ABE5-70AA-4E9B-901F-DD59E1D025E3"
          },
          {
            "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F989887D-9D86-49CB-992A-6A1618C62C1A"
          },
          {
            "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECF7D83C-16F6-499C-AD0E-C086BEF8ECC3"
          },
          {
            "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B90AE107-8418-4364-8C73-F749D352F246"
          },
          {
            "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE346CF7-4007-42F2-BE0C-5D4F3EA52855"
          },
          {
            "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53FC3D4D-D2ED-4ECC-A683-515B3E729EE6"
          },
          {
            "criteria": "cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BF7C951-4ACA-45F4-81FA-F18487F72169"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References