CVE-2012-2301
Ubercart 6.x-2.x < 6.x-2.8 - Authenticated PHP Code Execution
Title source: llmDescription
The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.
References (7)
Core 7
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/03/2
Patch x_refsource_misc
http://drupal.org/node/1547506
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48935
Vendor Advisory x_refsource_misc
http://drupal.org/node/1547674
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/03/1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53251
Patch x_refsource_misc
http://drupal.org/node/1547508
Scores
EPSS
0.0121
EPSS Percentile
64.6%
Details
CWE
CWE-94
Status
published
Products (7)
ubercart/ubercart
6.x-2.0
ubercart/ubercart
6.x-2.1
ubercart/ubercart
6.x-2.2
ubercart/ubercart
6.x-2.3
ubercart/ubercart
6.x-2.4
ubercart/ubercart
6.x-2.6
ubercart/ubercart
6.x-2.7
Published
Nov 16, 2014
Tracked Since
Feb 18, 2026