2 matches found
CVE-2014-10067
paypal-ipn before 3.0.0 uses the testipn parameter which is set by the PayPal IPN simulator to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly...
CVE-2014-10067
CVE-2014-10067 affects the paypal-ipn package up to version 2.x; a validation bypass exists due to the test_ipn parameter (set by the PayPal IPN simulator) that determines whether to use production or sandbox. An attacker could craft a request via the simulator to force sandbox mode, potentially ...