2 matches found
CVE-2026-15502
A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...
CVE-2026-39366 WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...