PT-2012-4418 · Paypal+1 · Paypal+1

Giancarlo Pellegrino

Publicado

2012-09-19

Atualizado

2013-03-02

CVE-2012-2991

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions osCommerce Online Merchant versions prior to 2.3.4 PayPal (aka MODULE PAYMENT PAYPAL STANDARD) module version prior to 1.1

Description The issue allows remote attackers to modify the payment recipient by altering the merchant's e-mail address, potentially redirecting payments to an unauthorized account.

Recommendations For osCommerce Online Merchant versions prior to 2.3.4, update to version 2.3.4 or later. For PayPal (aka MODULE PAYMENT PAYPAL STANDARD) module version prior to 1.1, update to version 1.1 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2012-2991

Produtos afetados

Paypal

Oscommerce Online Merchant

PT-2012-4418 · Paypal+1 · Paypal+1

CVE-2012-2991

Identificadores relacionados

Produtos afetados

Referências · 3