5 matches found
Code injection
CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self...
CVE-2013-0118
CVE-2013-0118 affects CS-Cart prior to 3.0.6 where PayPal Standard Payments is configured. The vulnerability allows a remote attacker to change the payment recipient by sending a modified merchant email address, effectively setting the recipient to themselves. The NVD lists a base score of 5.0 (M...
CVE-2012-2991
The PayPal aka MODULEPAYMENTPAYPALSTANDARD module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self...
Code injection
The PayPal aka MODULEPAYMENTPAYPALSTANDARD module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self...
CVE-2012-2991
The PayPal aka MODULEPAYMENTPAYPALSTANDARD module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self...