Vulnerabilities > CVE-2009-4772 - Information Disclosure vulnerability in Ubercart

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

ubercart

drupal

NVD

Published: 2010-04-20

Updated: 2017-08-17

Summary

Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Ubercart Ubercart Ubercart 5.X-1.0 Ubercart Ubercart 5.X-1.1 Ubercart Ubercart 5.X-1.2 Ubercart Ubercart 5.X-1.3 Ubercart Ubercart 5.X-1.4 Ubercart Ubercart 5.X-1.5 Ubercart Ubercart 5.X-1.6 Ubercart Ubercart 5.X-1.7 Ubercart Ubercart 5.X-1.8 Ubercart Ubercart 6.X-2.0	51
Application	Drupal Drupal Drupal *	1

References

http://drupal.org/node/636576
http://osvdb.org/60291
http://secunia.com/advisories/37440
http://www.securityfocus.com/bid/37058
https://exchange.xforce.ibmcloud.com/vulnerabilities/54345