5
CVE-2014-9025
- EPSS 0.24%
- Veröffentlicht 20.11.2014 17:50:14
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Commerceguys ≫ Commerce Version7.x-1.0 SwPlatformdrupal
Commerceguys ≫ Commerce Version7.x-1.0 Updatealpha1 SwPlatformdrupal
Commerceguys ≫ Commerce Version7.x-1.0 Updatealpha2 SwPlatformdrupal
Commerceguys ≫ Commerce Version7.x-1.0 Updatealpha3 SwPlatformdrupal
Commerceguys ≫ Commerce Version7.x-1.0 Updatealpha4 SwPlatformdrupal
Commerceguys ≫ Commerce Version7.x-1.0 Updatealpha5 SwPlatformdrupal
Commerceguys ≫ Commerce Version7.x-1.0 Updatebeta1 SwPlatformdrupal
Commerceguys ≫ Commerce Version7.x-1.0 Updatebeta2 SwPlatformdrupal
Commerceguys ≫ Commerce Version7.x-1.0 Updatebeta3 SwPlatformdrupal
Commerceguys ≫ Commerce Version7.x-1.0 Updatebeta4 SwPlatformdrupal
Commerceguys ≫ Commerce Version7.x-1.0 Updaterc1 SwPlatformdrupal
Commerceguys ≫ Commerce Version7.x-1.0 Updaterc2 SwPlatformdrupal
Commerceguys ≫ Commerce Version7.x-1.0 Updaterc3 SwPlatformdrupal
Commerceguys ≫ Commerce Version7.x-1.1 SwPlatformdrupal
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.436 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.