CVE-2014-9026

Name of the Vulnerable Software and Affected Versions Ubercart module versions 7.x-3.x before 7.x-3.7

Description The issue allows remote authenticated users with the "view own orders" permission to obtain sensitive information. This is due to the module not properly protecting the per-user order history view.

Recommendations For Ubercart module versions 7.x-3.x before 7.x-3.7, update to version 7.x-3.7 or later to resolve the issue.