CVE-2014-9026

Published: Nov 20, 2014Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors.

Affected (20)

Products: Ubercart: Ubercart

Ubercart

1 product

Ubercart

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Ubercart Ubercart	Version 7.x-3.0
Ubercart Ubercart	Version 7.x-3.0 alpha1
Ubercart Ubercart	Version 7.x-3.0 alpha2
Ubercart Ubercart	Version 7.x-3.0 alpha3
Ubercart Ubercart	Version 7.x-3.0 beta1
Ubercart Ubercart	Version 7.x-3.0 beta2
Ubercart Ubercart	Version 7.x-3.0 beta3
Ubercart Ubercart	Version 7.x-3.0 beta4
Ubercart Ubercart	Version 7.x-3.0 rc1
Ubercart Ubercart	Version 7.x-3.0 rc2
Ubercart Ubercart	Version 7.x-3.0 rc3
Ubercart Ubercart	Version 7.x-3.0 rc4
Ubercart Ubercart	Version 7.x-3.1
Ubercart Ubercart	Version 7.x-3.2
Ubercart Ubercart	Version 7.x-3.3
Ubercart Ubercart	Version 7.x-3.4
Ubercart Ubercart	Version 7.x-3.5
Ubercart Ubercart	Version 7.x-3.6
Ubercart Ubercart	Version 7.x-3.7
Ubercart Ubercart	Version 7.x-3.x-dev

Related CWEs

CWE-264

References (4)

https://www.drupal.org/node/2336109

Source: cve@mitre.org

Patch

https://www.drupal.org/node/2336259

Source: cve@mitre.org

Vendor Advisory

https://www.drupal.org/node/2336109

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.drupal.org/node/2336259

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.