CVE-2014-9026 Information

Description

The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view which allows remote authenticated users with the \view own orders\ permission to obtain sensitive information via unspecified vectors.

Reference

https://www.drupal.org/node/2336109 https://www.drupal.org/node/2336259