CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 99.7%
This module enables you to add the Novalnet payment service provider to Ubercart.
The module fails to sanitize a database query by not using the database API properly, thereby leading to a SQL Injection vulnerability. Since the affected path is not protected against CSRF, a malicious user can exploit this vulnerability by triggering a request to a specially crafted URL.
This vulnerability is mitigated by the fact that the malicious request must come from a specific Novalnet IP address.
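The bug class described above, as an added example that is not code from the Novalnet module or from Drupal: a query built by concatenating a request value, next to the same lookup with the value bound as a parameter. It uses plain PDO with an in-memory SQLite database so it runs stand-alone; the table, columns, function names and sample input are constructed for illustration.

```php
<?php
// Added example, not the module's code. All names below are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_orders (order_id INTEGER PRIMARY KEY, status TEXT)');
$db->exec("INSERT INTO demo_orders VALUES (1, 'pending'), (2, 'paid')");

// BEFORE: the request value is concatenated into the SQL text, so it is
// parsed as part of the statement and can change what the query means.
function lookup_unsafe(PDO $db, string $order_id): array {
  $sql = 'SELECT order_id, status FROM demo_orders WHERE order_id = ' . $order_id;
  return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: validate the expected type, then bind the value as a parameter.
// The SQL text is fixed; the value travels separately and is never parsed
// as SQL. Drupal 7's db_query() accepts the same style of named
// placeholders (":name") with an array of arguments.
function lookup_safe(PDO $db, string $order_id): array {
  if (!ctype_digit($order_id)) {
    return [];  // reject anything that is not a plain non-negative integer
  }
  $stmt = $db->prepare(
    'SELECT order_id, status FROM demo_orders WHERE order_id = :order_id'
  );
  $stmt->execute([':order_id' => (int) $order_id]);
  return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample input standing in for a value taken from the request URL.
$constructed = '1 OR 1=1';

printf("unsafe lookup rows: %d\n", count(lookup_unsafe($db, $constructed)));
printf("safe lookup rows:   %d\n", count(lookup_safe($db, $constructed)));
printf("safe lookup of '2': %d\n", count(lookup_safe($db, '2')));
```

With the constructed input, the concatenated query matches every row in the table, while the bound version rejects the value and still returns the single matching row for a well-formed order id.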
Drupal core is not affected. If you do not use the contributed Novalnet Payment Module Ubercart module, there is nothing you need to do.
If you use the Novalnet Payment Module Ubercart module, you should uninstall it.
Also see the Novalnet Payment Module Ubercart project page.
Not applicable.