MidnightBSD

Advisories for commerceguys

CVE-2014-9025 MEDIUM

The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
commerceguys commerce 7.x-1.0
commerceguys commerce 7.x-1.1