CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 1CVE-2012-2702
https://notcve.org/view.php?id=CVE-2012-2702
The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid. El módulo Ubercart Product Keys v6.x-1.x anterior a v6.x-1.1 para Drupal no comprueba correctamente el acceso a las claves, lo que permite a atacantes remotos leer todas las claves del producto no asignadas a través de ciertas condiciones relacionadas con el uid. • http://drupal.org/node/1580752 http://drupal.org/node/1585532 http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261 http://osvdb.org/82005 http://secunia.com/advisories/49169 http://www.openwall.com/lists/oss-security/2012/06/14/3 https://exchange.xforce.ibmcloud.com/vulnerabilities/75720 • CWE-264: Permissions, Privileges, and Access Controls •