Lucene search
MitreCVE-2009-4771HistoryApr 20, 2010 - 2:30 p.m.
CVE-2009-4771
2010-04-2014:30:01
CWE-20
mitre
web.nvd.nist.gov
23
paypal
website payments
ubercart
drupal
remote attackers
security vulnerability
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.9
Confidence
Low
EPSS
0.004
Percentile
75.0%
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified “duplicate actions” via unknown vectors.
Affected configurations
Node
ubercartubercartMatch5.x-1.0
ORubercartubercartMatch5.x-1.0alpha1
ORubercartubercartMatch5.x-1.0alpha2
ORubercartubercartMatch5.x-1.0alpha3
ORubercartubercartMatch5.x-1.0alpha4
ORubercartubercartMatch5.x-1.0alpha5
ORubercartubercartMatch5.x-1.0alpha6
ORubercartubercartMatch5.x-1.0alpha6b
ORubercartubercartMatch5.x-1.0alpha6c
ORubercartubercartMatch5.x-1.0alpha7
ORubercartubercartMatch5.x-1.0alpha7b
ORubercartubercartMatch5.x-1.0alpha7c
ORubercartubercartMatch5.x-1.0alpha7d
ORubercartubercartMatch5.x-1.0alpha7e
ORubercartubercartMatch5.x-1.0alpha8
ORubercartubercartMatch5.x-1.0beta1
ORubercartubercartMatch5.x-1.0beta2
ORubercartubercartMatch5.x-1.0beta3
ORubercartubercartMatch5.x-1.0beta4
ORubercartubercartMatch5.x-1.0beta5
ORubercartubercartMatch5.x-1.0beta6
ORubercartubercartMatch5.x-1.0beta7
ORubercartubercartMatch5.x-1.0rc1
ORubercartubercartMatch5.x-1.0rc2
ORubercartubercartMatch5.x-1.0rc3
ORubercartubercartMatch5.x-1.0rc4
ORubercartubercartMatch5.x-1.0rc5
ORubercartubercartMatch5.x-1.1
ORubercartubercartMatch5.x-1.2
ORubercartubercartMatch5.x-1.3
ORubercartubercartMatch5.x-1.3rc1
ORubercartubercartMatch5.x-1.4
ORubercartubercartMatch5.x-1.5
ORubercartubercartMatch5.x-1.6
ORubercartubercartMatch5.x-1.7
ORubercartubercartMatch5.x-1.8
ORubercartubercartMatch6.x-2.0
ORubercartubercartMatch6.x-2.0beta1
ORubercartubercartMatch6.x-2.0beta2
ORubercartubercartMatch6.x-2.0beta3
ORubercartubercartMatch6.x-2.0beta4
ORubercartubercartMatch6.x-2.0beta5
ORubercartubercartMatch6.x-2.0beta6
ORubercartubercartMatch6.x-2.0dev
ORubercartubercartMatch6.x-2.0rc1
ORubercartubercartMatch6.x-2.0rc2
ORubercartubercartMatch6.x-2.0rc3
ORubercartubercartMatch6.x-2.0rc4
ORubercartubercartMatch6.x-2.0rc5
ORubercartubercartMatch6.x-2.0rc6
ORubercartubercartMatch6.x-2.0rc7
drupaldrupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ubercart | ubercart | 5.x-1.0 | cpe:2.3:a:ubercart:ubercart:5.x-1.0:*:*:*:*:*:*:* |
| ubercart | ubercart | 5.x-1.0 | cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha1:*:*:*:*:*:* |
| ubercart | ubercart | 5.x-1.0 | cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha2:*:*:*:*:*:* |
| ubercart | ubercart | 5.x-1.0 | cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha3:*:*:*:*:*:* |
| ubercart | ubercart | 5.x-1.0 | cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha4:*:*:*:*:*:* |
| ubercart | ubercart | 5.x-1.0 | cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha5:*:*:*:*:*:* |
| ubercart | ubercart | 5.x-1.0 | cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha6:*:*:*:*:*:* |
| ubercart | ubercart | 5.x-1.0 | cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha6b:*:*:*:*:*:* |
| ubercart | ubercart | 5.x-1.0 | cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha6c:*:*:*:*:*:* |
| ubercart | ubercart | 5.x-1.0 | cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7:*:*:*:*:*:* |
Related
prion
prion
Code injection
2010-04-20 14:30:00
cvelist
cvelist
CVE-2009-4771
2010-04-20 14:00:00
nvd
nvd
CVE-2009-4771
2010-04-20 14:30:01
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.9
Confidence
Low
EPSS
0.004
Percentile
75.0%
Related for CVE-2009-4771