Lucene search
+L

4 matches found

nvd
nvd
added 2026/03/26 10:16 p.m.8 views

CVE-2026-33661

Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the verifywechatsign function in src/Functions.php unconditionally skips all signature verification when the PSR-7 request reports localhost as the host. An attacker can exploit this...

8.6CVSS0.00503EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/03/26 9:5 p.m.12 views

CVE-2026-33661

Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the verifywechatsign function in src/Functions.php unconditionally skips all signature verification when the PSR-7 request reports localhost as the host. An attacker can exploit this...

8.6CVSS5.8AI score0.00503EPSS
Exploits1References4Affected Software1
cnnvd
cnnvd
added 2026/03/26 12:0 a.m.9 views

pay 安全漏洞

Pay is a PHP payment development tool developed by Yansongda’s individual developers, supporting multiple payment channels. Versions of Pay prior to 3.7.20 contained security vulnerabilities. These vulnerabilities stemmed from the verifywechatsign function, which unconditionally skipped signature...

8.6CVSS5.8AI score0.00503EPSS
Exploits1References3
snyk
snyk
added 2026/03/25 7:30 p.m.2 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the verifywechatsign function. An attacker can cause unauthorized order status changes by sending a crafted HTTP request with a Host: localhost header, which bypasses signature verification and allows forging...

8.7CVSS5.9AI score0.00503EPSS
Exploits1References2
Rows per page
Query Builder