Default configuration

2014-11-2017:50:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.4%

JSON

The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors.

CPENameOperatorVersion
commerceeq7.120.11
commerceeq7.x-1.0 rc3
commerceeq7.x-1.0 alpha3
commerceeq7.x-1.0 beta1
commerceeq7.x-1.0 alpha4
commerceeq7.x-1.0 alpha1
commerceeq7.120.10
commerceeq7.x-1.0 alpha5
commerceeq7.x-1.0 beta4
commerceeq7.x-1.0 alpha2

Name	Operator	Version
commerce	eq	7.120.11
commerce	eq	7.x-1.0 rc3
commerce	eq	7.x-1.0 alpha3
commerce	eq	7.x-1.0 beta1
commerce	eq	7.x-1.0 alpha4
commerce	eq	7.x-1.0 alpha1
commerce	eq	7.120.10
commerce	eq	7.x-1.0 alpha5
commerce	eq	7.x-1.0 beta4
commerce	eq	7.x-1.0 alpha2