Lucene search
K

4 matches found

CNNVD
CNNVD
added 2022/06/09 12:0 a.m.5 views

silverstripe-omnipay 安全漏洞

silverstripe-omnipay is a SilverStripe integration with the Omnipay PHP payment library. A security vulnerability exists in silverstripe-omnipay, which stems from the fact that for a subset of Omnipay gateways, if a payment identifier or URL is successfully disclosed, a payment may be prematurely...

6.5CVSS6.4AI score0.00618EPSS
Exploits0References3
Veracode
Veracode
added 2022/06/07 5:36 a.m.25 views

Insecure Payment Verification

silverstripe/silverstripe-omnipay is vulnerable to insecure payment verification. An attacker is able to manipulate the payment process to prematurely mark it as payment completed without it in fact being carried out, when the payment identifier or success URL is exposed...

6.5CVSS6.3AI score0.00618EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2022/06/06 9:24 p.m.17 views

GHSA-48F2-M7JG-866X Failed payment recorded has completed in Silverstripe Omnipay

Impact For a subset of Omnipay gateways those that use intermediary states like isNotification or isRedirect, if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most...

3.7CVSS5AI score0.00618EPSS
Exploits0References8
OSV
OSV
added 2022/06/06 7:35 p.m.27 views

CVE-2022-29254 Failed payment recorded has completed in silverstripe/silverstripe-omnipay

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways those that use intermediary states like isNotification or isRedirect, if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as...

3.7CVSS6.3AI score0.00618EPSS
Exploits0References4
Rows per page
Query Builder