The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.
References
Link | Resource |
---|---|
http://secunia.com/advisories/50640 | |
http://www.kb.cert.org/vuls/id/459446 | US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2012-09-19T19:00:00
Updated: 2013-03-02T10:00:00
Reserved: 2012-05-30T00:00:00
Link: CVE-2012-2991
JSON object: View
NVD Information
Status : Modified
Published: 2012-09-19T19:55:05.233
Modified: 2013-03-02T04:42:57.600
Link: CVE-2012-2991
JSON object: View
Redhat Information
No data.
CWE