EUVD-2015-7162

Malware in sbrugna...

Design/Logic Flaw

The Commerce Commonwealth CBA module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb."...

CVE-2015-7231

The Commerce Commonwealth CBA module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb."...

CVE-2015-7231

The Drupal Commerce Commonwealth (CBA) module for Drupal 7.x-1.x is affected by an input validation flaw in payment processing. Specifically, versions prior to 7.x-1.5 do not sufficiently validate gateway interactions, allowing a remote attacker to craft a URL that makes a failed payment appear v...

Drupal Commerce Commonwealth module authentication bypass vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. commerce Commonwealth is one of the modules that integrates the Commonwealth Bank of Australia CBA into the Drupal e-commerce payment and settlement system. An authentication bypass...

Commerce Commonwealth (CBA) - Moderately Critical - Insufficient Verification of API Data - SA-CONTRIB-2015-136

This module enables you to pay for items on Drupal Commerce, using Commerce Commonwealth payment gateway. The module doesn't sufficiently validate the payment under certain specific scenarios. A malicious user can modify the urls used in gateway interaction with Commbank to make a failed payment...