Lucene search
MitreCVELIST:CVE-2020-8818HistoryFeb 25, 2020 - 1:20 a.m.
CVE-2020-8818
2020-02-2501:20:39
mitre
www.cve.org
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
Related
cve
cve
CVE-2020-8818
2020-02-25 02:15:12
exploitpack
exploitpack
Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass
2020-02-25 00:00:00
osv
osv
Origin Validation Error in Magento 2
2021-10-12 16:30:58
CVE-2020-8818
2020-02-25 02:15:12
github
github
Origin Validation Error in Magento 2
2021-10-12 16:30:58
prion
prion
Authentication flaw
2020-02-25 02:15:00
nvd
nvd
CVE-2020-8818
2020-02-25 02:15:12
exploitdb
exploitdb
Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass
2020-02-25 00:00:00
packetstorm
packetstorm
Magento WooCommerce CardGate Payment Gateway 2.0.30 Bypass
2020-02-25 00:00:00
veracode
veracode
Authentication Bypass
2020-02-26 03:07:54
attackerkb
attackerkb
CVE-2020-8818
2020-02-25 00:00:00