5

CVE-2009-4771

The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UbercartUbercart Version5.x-1.0
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha1
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha2
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha3
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha4
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha5
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha6
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha6b
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha6c
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha7
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha7b
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha7c
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha7d
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha7e
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatealpha8
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatebeta1
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatebeta2
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatebeta3
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatebeta4
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatebeta5
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatebeta6
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updatebeta7
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updaterc1
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updaterc2
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updaterc3
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updaterc4
   DrupalDrupal
UbercartUbercart Version5.x-1.0 Updaterc5
   DrupalDrupal
UbercartUbercart Version5.x-1.1
   DrupalDrupal
UbercartUbercart Version5.x-1.2
   DrupalDrupal
UbercartUbercart Version5.x-1.3
   DrupalDrupal
UbercartUbercart Version5.x-1.3 Updaterc1
   DrupalDrupal
UbercartUbercart Version5.x-1.4
   DrupalDrupal
UbercartUbercart Version5.x-1.5
   DrupalDrupal
UbercartUbercart Version5.x-1.6
   DrupalDrupal
UbercartUbercart Version5.x-1.7
   DrupalDrupal
UbercartUbercart Version5.x-1.8
   DrupalDrupal
UbercartUbercart Version6.x-2.0
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updatebeta1
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updatebeta2
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updatebeta3
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updatebeta4
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updatebeta5
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updatebeta6
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updatedev
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updaterc1
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updaterc2
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updaterc3
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updaterc4
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updaterc5
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updaterc6
   DrupalDrupal
UbercartUbercart Version6.x-2.0 Updaterc7
   DrupalDrupal
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.621
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://drupal.org/node/636576
Patch
Vendor Advisory