Vulnerability Details CVE-2012-2299
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.3%
CVSS Severity
CVSS v2 Score 2.1
References
- http://drupal.org/node/1547506
- http://drupal.org/node/1547508
- http://drupal.org/node/1547674
- http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb
- http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84
- http://secunia.com/advisories/48935
- http://www.openwall.com/lists/oss-security/2012/05/03/1
- http://www.openwall.com/lists/oss-security/2012/05/03/2
- http://www.securityfocus.com/bid/53251
- http://drupal.org/node/1547506
- http://drupal.org/node/1547508
- http://drupal.org/node/1547674
- http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb
- http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84
- http://secunia.com/advisories/48935
- http://www.openwall.com/lists/oss-security/2012/05/03/1
- http://www.openwall.com/lists/oss-security/2012/05/03/2
- http://www.securityfocus.com/bid/53251
Products affected by CVE-2012-2299
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:ubercart:ubercart:6.x-2.0
-
cpe:2.3:a:ubercart:ubercart:6.x-2.1
-
cpe:2.3:a:ubercart:ubercart:6.x-2.2
-
cpe:2.3:a:ubercart:ubercart:6.x-2.3
-
cpe:2.3:a:ubercart:ubercart:6.x-2.4
-
cpe:2.3:a:ubercart:ubercart:6.x-2.6
-
cpe:2.3:a:ubercart:ubercart:6.x-2.7
-
cpe:2.3:a:ubercart:ubercart:7.x-3.0