CVE-2012-2116

EUVD-2012-2118
Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
commerceguyscommerce_reorder
𝑥
≤ 7.x-1.0
commerceguyscommerce_reorder
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1538198
http://drupalcode.org/project/commerce_reorder.git/commit/bf060ab
http://secunia.com/advisories/48912
http://www.openwall.com/lists/oss-security/2012/04/18/11
http://www.openwall.com/lists/oss-security/2012/04/19/1
http://drupal.org/node/1538198
http://drupalcode.org/project/commerce_reorder.git/commit/bf060ab
http://secunia.com/advisories/48912
http://www.openwall.com/lists/oss-security/2012/04/18/11
http://www.openwall.com/lists/oss-security/2012/04/19/1