2.1

CVE-2012-2299

Exploit
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UbercartUbercart Version6.x-2.0
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updatebeta1
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updatebeta2
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updatebeta3
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updatebeta4
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updatebeta5
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updatebeta6
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updatedev
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updaterc1
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updaterc2
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updaterc3
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updaterc4
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updaterc5
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updaterc6
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.0 Updaterc7
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.1
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.2
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.3
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.4
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.6
   DrupalDrupal Version-
UbercartUbercart Version6.x-2.7
   DrupalDrupal Version-
UbercartUbercart Version7.x-3.0
   DrupalDrupal Version-
UbercartUbercart Version7.x-3.0 Updatealpha1
   DrupalDrupal Version-
UbercartUbercart Version7.x-3.0 Updatealpha2
   DrupalDrupal Version-
UbercartUbercart Version7.x-3.0 Updatealpha3
   DrupalDrupal Version-
UbercartUbercart Version7.x-3.0 Updatebeta1
   DrupalDrupal Version-
UbercartUbercart Version7.x-3.0 Updatebeta2
   DrupalDrupal Version-
UbercartUbercart Version7.x-3.0 Updatebeta3
   DrupalDrupal Version-
UbercartUbercart Version7.x-3.0 Updatebeta4
   DrupalDrupal Version-
UbercartUbercart Version7.x-3.0 Updatedev
   DrupalDrupal Version-
UbercartUbercart Version7.x-3.0 Updaterc1
   DrupalDrupal Version-
UbercartUbercart Version7.x-3.0 Updaterc2
   DrupalDrupal Version-
UbercartUbercart Version7.x-3.0 Updaterc3
   DrupalDrupal Version-
UbercartUbercart Version7.x-3.0 Updaterc4
   DrupalDrupal Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.401
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://drupal.org/node/1547506
Patch
http://drupal.org/node/1547508
Patch
http://drupal.org/node/1547674
Patch
Vendor Advisory
http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb
Patch
Exploit
http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84
Patch
Exploit
http://secunia.com/advisories/48935
Vendor Advisory
http://www.securityfocus.com/bid/53251