The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module prior to 1.1 in osCommerce Online Merchant prior to 2.3.4 allows remote malicious users to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oscommerce online merchant 2.3.2 |
||
oscommerce online merchant |
||
oscommerce online merchant 2.3.0 |
||
oscommerce online merchant 2.3.1 |
||
paypal website payments standard module |