CVE-2009-3782

Published: Oct 26, 2009Modified: Apr 23, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors.

Affected (2)

Products: 2bits: Userpoints

2bits

1 product

Userpoints

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
2bits Userpoints	Version 6.x-1.0
2bits Userpoints	Version 6.x-1.x-dev

Running on/with	Platform Versions
Drupal Drupal	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (14)

http://drupal.org/node/610818

Source: cve@mitre.org

PatchVendor Advisory

http://drupal.org/node/610828

Source: cve@mitre.org

PatchVendor Advisory

http://osvdb.org/59124

Source: cve@mitre.org

http://secunia.com/advisories/37123

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/36786

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2009/2998

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/53896

Source: cve@mitre.org

http://drupal.org/node/610818