PT-2012-5668 · Paypal · Paypal Express Checkout
Giancarlo Pellegrino
Published: 2012-10-31
Updated: 2017-08-29
CVE-2012-4934
CVSS v2.0: 3.5 (Low)
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
TomatoCart version 1.1.7
Description
The issue allows remote authenticated users to bypass intended payment requirements. This is possible when the PayPal Express Checkout module is enabled in sandbox mode, and a certain redirection URL is modified.
Recommendations
For TomatoCart version 1.1.7, avoid running the PayPal Express Checkout module in sandbox mode, or disable the module entirely, until a patch is available, and restrict access to the module to minimize the risk of exploitation.
Affected Products
Paypal Express Checkout
Tomatocart