Drupal · Commerce Commonwealth (Cba) Module · CVE-2015-7231
**Name of the Vulnerable Software and Affected Versions**
Commerce Commonwealth (CBA) module versions 7.x-1.x through 7.x-1.4
**Description**
The issue is related to improper validation of payments, allowing remote attackers to make a failed payment appear valid by using a crafted URL. This is related to a response from commweb.
**Recommendations**
For versions 7.x-1.x through 7.x-1.4, update to version 7.x-1.5 or later to resolve the issue.