CVE-2012-4482

The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/1679820	Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/10/04/6
http://www.openwall.com/lists/oss-security/2012/10/07/1
http://drupal.org/node/1679820	Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/10/04/6
http://www.openwall.com/lists/oss-security/2012/10/07/1

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:longwaveconsulting:ubercart_securetrading_payment_method_module:6.x-1.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-10-31 16:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-4482

Mitre link : CVE-2012-4482

CVE.ORG link : CVE-2012-4482

JSON object : View

Products Affected

longwaveconsulting

ubercart_securetrading_payment_method_module

drupal

drupal

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2012-4482", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-10-31T16:55:02.530", "references": [{"url": "http://drupal.org/node/1679820", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/10/04/6", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/10/07/1", "source": "secalert@redhat.com"}, {"url": "http://drupal.org/node/1679820", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2012/10/04/6", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2012/10/07/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors."}, {"lang": "es", "value": "El m\u00f3dulo Ubercart SecureTrading Payment Method v6.x para Drupal no verifica correctamente la informaci\u00f3n de la notificaci\u00f3n de pago, lo que permite a atacantes remotos comprar un art\u00edculo sin pagar a trav\u00e9s de vectores no especificados.\r\n"}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:longwaveconsulting:ubercart_securetrading_payment_method_module:6.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B517B068-3BF0-4693-9A04-EDED5431A061"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}