CVE-2012-2301

Ubercart 6.x-2.x < 6.x-2.8 - Authenticated PHP Code Execution

Description

The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.

References (7)

Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/03/2
Patch x_refsource_misc
http://drupal.org/node/1547506
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48935
Vendor Advisory x_refsource_misc
http://drupal.org/node/1547674
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/03/1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53251
Patch x_refsource_misc
http://drupal.org/node/1547508

Scores

EPSS 0.0121
EPSS Percentile 64.6%

Details

CWE CWE-94
Status published
Products (7)
ubercart/ubercart 6.x-2.0
ubercart/ubercart 6.x-2.1
ubercart/ubercart 6.x-2.2
ubercart/ubercart 6.x-2.3
ubercart/ubercart 6.x-2.4
ubercart/ubercart 6.x-2.6
ubercart/ubercart 6.x-2.7
Published Nov 16, 2014
Tracked Since Feb 18, 2026