CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-9025

The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.6%

CVSS Severity

CVSS v2 Score 5.0

References

https://www.drupal.org/node/2336327
https://www.drupal.org/node/2336357
https://www.drupal.org/node/2336327
https://www.drupal.org/node/2336357

Products affected by CVE-2014-9025

Commerceguys » Commerce » Version: 7.x-1.0

cpe:2.3:a:commerceguys:commerce:7.x-1.0
Commerceguys » Commerce » Version: 7.x-1.1

cpe:2.3:a:commerceguys:commerce:7.x-1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-9025

Products

Pricing

Contact Us