CVE-2014-9026

2014-11-20T17:50:00
ID CVE-2014-9026
Type cve
Reporter cve@mitre.org
Modified 2014-11-21T02:43:00

Description

The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors.