Lucene search

[email protected]CVE-2012-4482

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4482

2022-10-0316:15:32

CWE-20

[email protected]

web.nvd.nist.gov

ubercart

securetrading

payment method

drupal

cve-2012-4482

remote attack

payment verification

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.5%

JSON

The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors.

Affected configurations

NVD

Node

longwaveconsultingubercart_securetrading_payment_method_moduleMatch6.x-1.0

AND

drupaldrupalMatch-

CPENameOperatorVersion
longwaveconsulting:ubercart_securetrading_payment_method_modulelongwaveconsulting ubercart securetrading payment method moduleeq6.x-1.0

CPE	Name	Operator	Version
longwaveconsulting:ubercart_securetrading_payment_method_module	longwaveconsulting ubercart securetrading payment method module	eq	6.x-1.0

References

drupal.org/node/1679820

www.openwall.com/lists/oss-security/2012/10/04/6

www.openwall.com/lists/oss-security/2012/10/07/1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.5%

JSON

Related for CVE-2012-4482

prion1 cvelist1 nvd1