CVE-2009-4773

Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Published: Apr 20, 2010
Updated: Apr 13, 2023
CVE: CVE-2009-4773
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
ubercart / ubercart	5.x-1.0-rc2	5.x-1.0-rc2.x
ubercart / ubercart	5.x-1.0-beta5	5.x-1.0-beta5.x
ubercart / ubercart	5.x-1.0-alpha7d	5.x-1.0-alpha7d.x
ubercart / ubercart	5.x-1.0-alpha7c	5.x-1.0-alpha7c.x
ubercart / ubercart	5.x-1.0-alpha2	5.x-1.0-alpha2.x
ubercart / ubercart	5.x-1.0-beta2	5.x-1.0-beta2.x
ubercart / ubercart	5.x-1.0-rc5	5.x-1.0-rc5.x
ubercart / ubercart	5.x-1.0-alpha6b	5.x-1.0-alpha6b.x
ubercart / ubercart	5.x-1.0-alpha6c	5.x-1.0-alpha6c.x
ubercart / ubercart	5.x-1.0-rc3	5.x-1.0-rc3.x
ubercart / ubercart	5.x-1.0-beta7	5.x-1.0-beta7.x
ubercart / ubercart	5.x-1.0-alpha4	5.x-1.0-alpha4.x
ubercart / ubercart	5.x-1.0-alpha5	5.x-1.0-alpha5.x
ubercart / ubercart	5.x-1.0-alpha7b	5.x-1.0-alpha7b.x
ubercart / ubercart	5.x-1.0-alpha1	5.x-1.0-alpha1.x
ubercart / ubercart	5.x-1.0-alpha7	5.x-1.0-alpha7.x
ubercart / ubercart	5.x-1.0-beta4	5.x-1.0-beta4.x
ubercart / ubercart	5.x-1.0-rc4	5.x-1.0-rc4.x
ubercart / ubercart	5.x-1.0-alpha8	5.x-1.0-alpha8.x
ubercart / ubercart	5.x-1.0-alpha7e	5.x-1.0-alpha7e.x
ubercart / ubercart	5.x-1.0-alpha3	5.x-1.0-alpha3.x
ubercart / ubercart	5.x-1.0-beta3	5.x-1.0-beta3.x
ubercart / ubercart	5.x-1.0-alpha6	5.x-1.0-alpha6.x
ubercart / ubercart	5.x-1.0-beta1	5.x-1.0-beta1.x
ubercart / ubercart	5.x-1.0	5.x-1.0.x
ubercart / ubercart	5.x-1.0-beta6	5.x-1.0-beta6.x
ubercart / ubercart	5.x-1.0-rc1	5.x-1.0-rc1.x
ubercart / ubercart	5.x-1.1	5.x-1.1.x
ubercart / ubercart	5.x-1.2	5.x-1.2.x
ubercart / ubercart	5.x-1.3-rc1	5.x-1.3-rc1.x
ubercart / ubercart	5.x-1.3	5.x-1.3.x
ubercart / ubercart	5.x-1.4	5.x-1.4.x
ubercart / ubercart	5.x-1.5	5.x-1.5.x
ubercart / ubercart	5.x-1.6	5.x-1.6.x
ubercart / ubercart	5.x-1.7	5.x-1.7.x
ubercart / ubercart	5.x-1.8	5.x-1.8.x
ubercart / ubercart	6.x-2.0-beta6	6.x-2.0-beta6.x
ubercart / ubercart	6.x-2.0-dev	6.x-2.0-dev.x
ubercart / ubercart	6.x-2.0-beta4	6.x-2.0-beta4.x
ubercart / ubercart	6.x-2.0-beta3	6.x-2.0-beta3.x
ubercart / ubercart	6.x-2.0-beta2	6.x-2.0-beta2.x
ubercart / ubercart	6.x-2.0-beta1	6.x-2.0-beta1.x
ubercart / ubercart	6.x-2.0	6.x-2.0.x
ubercart / ubercart	6.x-2.0-rc1	6.x-2.0-rc1.x
ubercart / ubercart	6.x-2.0-rc6	6.x-2.0-rc6.x
ubercart / ubercart	6.x-2.0-rc7	6.x-2.0-rc7.x
ubercart / ubercart	6.x-2.0-rc3	6.x-2.0-rc3.x
ubercart / ubercart	6.x-2.0-rc2	6.x-2.0-rc2.x
ubercart / ubercart	6.x-2.0-rc5	6.x-2.0-rc5.x
ubercart / ubercart	6.x-2.0-beta5	6.x-2.0-beta5.x
ubercart / ubercart	6.x-2.0-rc4	6.x-2.0-rc4.x

Vulnerability Database

289,689

CVE-2009-4773