// For flags

CVE-2012-2731

 

Severity Score

2.6
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.

Ubercart AJAX Cart v6.x-2.x anterior a v6.x-2.1 para Drupal almacena la id de la sesión en la tabla de configuración de páginas cargadas, lo que podría permitir a atacantes remotos obtener información sensible espiando o leyendo la caché del HTML de una página Web.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-05-14 CVE Reserved
  • 2012-06-27 CVE Published
  • 2023-03-14 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
-
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
alpha6
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
alpha7
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
alpha8
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
beta1
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
beta10
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
beta11
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
beta2
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
beta3
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
beta4
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
beta5
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
beta6
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
beta7
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
beta8
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
beta9
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
rc1
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
rc2
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
rc3
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Richardo Ante
Search vendor "Richardo Ante"
Ubercart Ajax Cart
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart"
6.x-2.0
Search vendor "Richardo Ante" for product "Ubercart Ajax Cart" and version "6.x-2.0"
rc4
Affected
in Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe