• Advisory ID: SA-CONTRIB-2012-112
  • Project: Ubercart SecureTrading Payment Method (third-party module)
  • Version: 6.x
  • Date: 2012-July-11
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Failure to follow guideline/specification - integrity check value


The Ubercart SecureTrading Payment Method module provides an Ubercart payment method for the SecureTrading.com gateway.

The module's payment method did not properly verify the validity of payment notification information. A malicious user could trick a site into thinking that an item has been paid for when in fact it hasn't. If you do not use the Ubercart SecureTrading Payment Method payment method then your site is not at risk to this vulnerability.

CVE: Requested

Versions affected

  • All versions of the Ubercart SecureTrading Payment Method module.

Drupal core is not affected. If you do not use the contributed Ubercart SecureTrading Payment Method module, there is nothing you need to do.


There is not currently a fixed version of the module. You should disable the module immediately.

You can:

  • Change to a new gateway.
  • Work with the module maintainer and/or other users to patch the module.

Also see the Ubercart SecureTrading Payment Method project page.

Reported by

Fixed by

No fix provided.

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.