Information Disclosure Vulnerability in Ubercart AJAX Cart for Drupal

Information Disclosure Vulnerability in Ubercart AJAX Cart for Drupal

CVE-2012-2731 · LOW Severity

AV:N/AC:H/AU:N/C:P/I:N/A:N

The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.

Learn more about our Web App Pen Testing.