PT-2012-4220 · Ubercart · Ubercart Ajax Cart

Published

2012-06-27

Updated

2017-08-29

CVE-2012-2731

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ubercart AJAX Cart versions 6.x-2.x before 6.x-2.1

Description The issue allows remote attackers to potentially obtain sensitive information by sniffing or reading the cache of the HTML of a webpage, as the PHP session id is stored in the JavaScript settings array in page loads.

Recommendations For Ubercart AJAX Cart versions 6.x-2.x before 6.x-2.1, update to version 6.x-2.1 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2012-2731

Affected Products

Ubercart Ajax Cart

PT-2012-4220 · Ubercart · Ubercart Ajax Cart

CVE-2012-2731

Weakness Enumeration

Related Identifiers

Affected Products

References · 7