PT-2012-6113 · Paypal+1 · Paypal+1

Published

2012-11-04

Updated

2012-11-05

CVE-2012-5801

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions PrestaShop (affected versions not specified)

Description The issue concerns the PayPal module in PrestaShop, which fails to verify the server hostname against the domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof SSL servers using any valid certificate, related to the use of the PHP fsockopen function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2012-5801

Affected Products

Paypal

Prestashop

PT-2012-6113 · Paypal+1 · Paypal+1

CVE-2012-5801

Weakness Enumeration

Related Identifiers

Affected Products

References · 2