CVE-2012-2301

medium

Published 2014-11-16 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.0

VIR risk

6.0

Description

The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1547674

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1547508

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1547506

Application impact

Vendor	Product	Versions
ubercart	ubercart	`6.x-2.0`
ubercart	ubercart	`6.x-2.1`
ubercart	ubercart	`6.x-2.2`
ubercart	ubercart	`6.x-2.3`
ubercart	ubercart	`6.x-2.4`
ubercart	ubercart	`6.x-2.6`
ubercart	ubercart	`6.x-2.7`

References

http://drupal.org/node/1547506
http://drupal.org/node/1547508
http://drupal.org/node/1547674
http://secunia.com/advisories/48935
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.securityfocus.com/bid/53251
http://drupal.org/node/1547506
http://drupal.org/node/1547508
http://drupal.org/node/1547674
http://secunia.com/advisories/48935
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.securityfocus.com/bid/53251

CWEs

CWE-94

Verify integrity in audit chain (admin only). AS-IS.