The Ubercart Product Keys module 6.x-1.x prior to 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote malicious users to read all unassigned product keys via certain conditions related to the uid.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tony_freixas ubercart_product_keys 6.x-1.0 |