The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2012-06-26 17:55
Updated : 2017-08-28 18:31
NVD link : CVE-2012-2731
Mitre link : CVE-2012-2731
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
richardo_ante
- ubercart_ajax_cart
drupal
- drupal