Lucene search
Veracode Vulnerability DatabaseVERACODE:22579HistoryFeb 26, 2020 - 3:07 a.m.
Authentication Bypass
2020-02-2603:07:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.108 Low
EPSS
Percentile
95.1%
cardgate/magento2 is vulnerable to authentication bypass. The Instant Payment Notification (IPN) callback processing function in Controller/Payment/Callback.php fails to authenticate the origin of IPN callback requests, allowing an attacker to spoof payments by sending the request with a valid signature but fake payment and/or receive all of the subsequent payments.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cardgate/magento2 | le | 2.0.31 |
References
packetstormsecurity.com/files/156505/Magento-WooCommerce-CardGate-Payment-Gateway-2.0.30-Bypass.html
github.com/cardgate/magento2/blob/715979e54e1a335d78a8c5586f9e9987c3bf94fd/Controller/Payment/Callback.php#L88-L107
github.com/cardgate/magento2/issues/54
packetstormsecurity.com/files/156505/Magento-WooCommerce-CardGate-Payment-Gateway-2.0.30-Bypass.html
Related
cve
cve
CVE-2020-8818
2020-02-25 02:15:12
exploitpack
exploitpack
Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass
2020-02-25 00:00:00
osv
osv
Origin Validation Error in Magento 2
2021-10-12 16:30:58
CVE-2020-8818
2020-02-25 02:15:12
github
github
Origin Validation Error in Magento 2
2021-10-12 16:30:58
prion
prion
Authentication flaw
2020-02-25 02:15:00
nvd
nvd
CVE-2020-8818
2020-02-25 02:15:12
exploitdb
exploitdb
Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass
2020-02-25 00:00:00
cvelist
cvelist
CVE-2020-8818
2020-02-25 01:20:39
packetstorm
packetstorm
Magento WooCommerce CardGate Payment Gateway 2.0.30 Bypass
2020-02-25 00:00:00
attackerkb
attackerkb
CVE-2020-8818
2020-02-25 00:00:00