Lucene search

RedhatCVELIST:CVE-2012-2116

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-2116

2022-10-0316:15:37

redhat

www.cve.org

cve-2012-2116

csrf

vulnerability

commerce reorder

drupal

hijack authentication

shopping cart

7.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.4%

JSON

Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart.

References

drupal.org/node/1538198

drupalcode.org/project/commerce_reorder.git/commit/bf060ab

secunia.com/advisories/48912

www.openwall.com/lists/oss-security/2012/04/18/11

www.openwall.com/lists/oss-security/2012/04/19/1