The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant’s e-mail address, as demonstrated by setting the recipient to one’s self.
CPE | Name | Operator | Version |
---|---|---|---|
online_merchant | eq | 2.3.2 | |
online_merchant | le | 2.3.3 | |
online_merchant | eq | 2.3.1 | |
online_merchant | eq | 2.3.0 | |
website_payments_standard_module | le | 1.0 |