PT-2012-5668 · Paypal+1 · Paypal Express Checkout+1
Giancarlo Pellegrino
Published: 2012-10-31 · Updated: 2017-08-29
CVE-2012-4934
CVSS v2.0: 3.5 (Low)
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
TomatoCart version 1.1.7
Description
The issue allows remote authenticated users to bypass intended payment requirements. This is possible when the PayPal Express Checkout module is enabled in sandbox mode, and a certain redirection URL is modified.
Recommendations
For TomatoCart version 1.1.7, avoid using sandbox mode in the PayPal Express Checkout module, and consider disabling the module while it is in sandbox mode, until a patch is available. Restrict access to the module to minimize the risk of exploitation.
Affected products
PayPal Express Checkout
TomatoCart