Unrestricted Access to Unassigned Product Keys in Ubercart Product Keys Module for Drupal

Unrestricted Access to Unassigned Product Keys in Ubercart Product Keys Module for Drupal

CVE-2012-2702 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid.

Learn more about our Web Application Penetration Testing UK.