Lucene search
HistorySep 19, 2012 - 7:55 p.m.
CVE-2012-2991
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.5
Confidence
High
EPSS
0.002
Percentile
59.7%
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant’s e-mail address, as demonstrated by setting the recipient to one’s self.
Affected configurations
Node
oscommerceonline_merchantRange≤2.3.3
ORoscommerceonline_merchantMatch2.3.0
ORoscommerceonline_merchantMatch2.3.1
ORoscommerceonline_merchantMatch2.3.2
ORpaypalwebsite_payments_standard_moduleRange≤1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oscommerce | online_merchant | * | cpe:2.3:a:oscommerce:online_merchant:*:*:*:*:*:*:*:* |
| oscommerce | online_merchant | 2.3.0 | cpe:2.3:a:oscommerce:online_merchant:2.3.0:*:*:*:*:*:*:* |
| oscommerce | online_merchant | 2.3.1 | cpe:2.3:a:oscommerce:online_merchant:2.3.1:*:*:*:*:*:*:* |
| oscommerce | online_merchant | 2.3.2 | cpe:2.3:a:oscommerce:online_merchant:2.3.2:*:*:*:*:*:*:* |
| paypal | website_payments_standard_module | * | cpe:2.3:a:paypal:website_payments_standard_module:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2012-2991
2012-09-19 19:55:05
cert
cert
prion
prion
Code injection
2012-09-19 19:55:00
cvelist
cvelist
CVE-2012-2991
2012-09-19 19:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.5
Confidence
High
EPSS
0.002
Percentile
59.7%
Related for NVD:CVE-2012-2991