The Ubercart module 7.x-3.x prior to 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ubercart ubercart 7.x-3.0 |
||
ubercart ubercart 7.x-3.6 |
||
ubercart ubercart 7.x-3.7 |
||
ubercart ubercart 7.x-3.3 |
||
ubercart ubercart 7.x-3.5 |
||
ubercart ubercart 7.x-3.1 |
||
ubercart ubercart 7.x-3.x-dev |
||
ubercart ubercart 7.x-3.2 |
||
ubercart ubercart 7.x-3.4 |