PT-2012-3933 · Drupal · Ubercart

Greg Knaddison

Published

2012-08-14

Updated

2012-08-15

CVE-2012-2299

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ubercart module versions 6.x-2.x through 6.x-2.7 Ubercart module versions 7.x-3.x through 7.x-3.0

Description The issue allows local users to obtain sensitive information by reading from the database because passwords for new customers are stored in plaintext during checkout.

Recommendations For Ubercart module versions 6.x-2.x through 6.x-2.7, update to version 6.x-2.8 or later. For Ubercart module versions 7.x-3.x through 7.x-3.0, update to version 7.x-3.1 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2012-2299

Affected Products

Ubercart

PT-2012-3933 · Drupal · Ubercart

CVE-2012-2299

Weakness Enumeration

Related Identifiers

Affected Products

References · 11