CVE-2014-9026

2014-11-20T12:50:15
ID CVE-2014-9026
Type cve
Reporter NVD
Modified 2014-11-20T21:43:26

Description

The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors.