7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
50.9%
The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a “response from commweb.”
www.drupal.org/node/2541832
www.drupal.org/node/2542380