CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
59.7%
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant’s e-mail address, as demonstrated by setting the recipient to one’s self.
Vendor | Product | Version | CPE |
---|---|---|---|
oscommerce | online_merchant | * | cpe:2.3:a:oscommerce:online_merchant:*:*:*:*:*:*:*:* |
oscommerce | online_merchant | 2.3.0 | cpe:2.3:a:oscommerce:online_merchant:2.3.0:*:*:*:*:*:*:* |
oscommerce | online_merchant | 2.3.1 | cpe:2.3:a:oscommerce:online_merchant:2.3.1:*:*:*:*:*:*:* |
oscommerce | online_merchant | 2.3.2 | cpe:2.3:a:oscommerce:online_merchant:2.3.2:*:*:*:*:*:*:* |
paypal | website_payments_standard_module | * | cpe:2.3:a:paypal:website_payments_standard_module:*:*:*:*:*:*:*:* |