2 matches found
CVE-2014-9026
The CVE-2014-9026 issue affects Drupal’s Ubercart module (7.x-3.x) prior to 7.x-3.7, where the per-user order history view is not properly protected. Remote authenticated users with the “view own orders” permission could access sensitive order-history information via unspecified vectors. Affected...
SA-CONTRIB-2014-085 - Ubercart - Information disclosure
The Ubercart module for Drupal provides a shopping cart and e-commerce features for Drupal. The per-user order history view is not properly protected. This vulnerability is mitigated by the fact that an attacker must have an account with the "view own orders" permission and can only view order ID...