PT-2010-1582 · Drupal · Ubercart

Published

2010-04-20

Updated

2017-08-17

CVE-2009-4773

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Ubercart module versions 5.x before 5.x-1.9 Ubercart module versions 6.x before 6.x-2.1

Description A cross-site request forgery (CSRF) issue exists in the order-management functionality of the Ubercart module for Drupal. This allows remote attackers to hijack the authentication of victims via unknown vectors.

Recommendations For Ubercart module version 5.x, update to version 5.x-1.9 or later. For Ubercart module version 6.x, update to version 6.x-2.1 or later.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2009-4773

Affected Products

Ubercart

PT-2010-1582 · Drupal · Ubercart

CVE-2009-4773

Weakness Enumeration

Related Identifiers

Affected Products

References · 7