CVE-2015-7231

2022-10-0316:15:55

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-7231

commerce commonwealth

cba module

drupal

payment validation

remote attackers

crafted url

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.9%

JSON

The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a “response from commweb.”

Affected configurations

NVD

Node

drupalcommercecommerce_commonwealthMatch7.x-1.0drupal

drupalcommercecommerce_commonwealthMatch7.x-1.1drupal

drupalcommercecommerce_commonwealthMatch7.x-1.2drupal

drupalcommercecommerce_commonwealthMatch7.x-1.3drupal

drupalcommercecommerce_commonwealthMatch7.x-1.4drupal

CPENameOperatorVersion
drupalcommerce:commerce_commonwealthdrupalcommerce commerce commonwealtheq7.x-1.0
drupalcommerce:commerce_commonwealthdrupalcommerce commerce commonwealtheq7.x-1.1
drupalcommerce:commerce_commonwealthdrupalcommerce commerce commonwealtheq7.x-1.2
drupalcommerce:commerce_commonwealthdrupalcommerce commerce commonwealtheq7.x-1.3
drupalcommerce:commerce_commonwealthdrupalcommerce commerce commonwealtheq7.x-1.4

CPE	Name	Operator	Version
drupalcommerce:commerce_commonwealth	drupalcommerce commerce commonwealth	eq	7.x-1.0
drupalcommerce:commerce_commonwealth	drupalcommerce commerce commonwealth	eq	7.x-1.1
drupalcommerce:commerce_commonwealth	drupalcommerce commerce commonwealth	eq	7.x-1.2
drupalcommerce:commerce_commonwealth	drupalcommerce commerce commonwealth	eq	7.x-1.3
drupalcommerce:commerce_commonwealth	drupalcommerce commerce commonwealth	eq	7.x-1.4