Some vulnerabilities have been reported in the Ubercart module for Drupal, which can be exploited by malicious users to bypass certain security restrictions and disclose potentially sensitive information and by malicious people to conduct cross-site request forgery attacks.
1) An error due to improper authorisation verification can be exploited to view completed orders of other users.
2) An unspecified error in the module can potentially be exploited to disclose order information.
3) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to cause an unspecified impact.
The vulnerabilities are reported in versions prior to 5.x-1.9 and 6.x-2.1.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org