4 matches found
CVE-2026-39366
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...
CVE-2026-39366
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...
WWBN AVideo 数据伪造问题漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a data manipulation vulnerability. This vulnerability stemmed from a lack of transaction deduplication in the PayPal IPN v1 handler, which could allow attackers to...
paypal-ipn spoofing vulnerability
paypal-ipn is a node.js package for validating PayPal IPN messages. A security vulnerability exists in paypal-ipn versions prior to 3.0.0. An attacker can exploit this vulnerability by using an emulator build request to spoof arbitrary applications that do not detect the 'testipn' parameter...