cardgate/magento2 is vulnerable to authentication bypass. The Instant Payment Notification (IPN) callback processing function in Controller/Payment/Callback.php
fails to authenticate the origin of IPN callback requests, allowing an attacker to spoof payments by sending the request with a valid signature but fake payment and/or receive all of the subsequent payments.
CPE | Name | Operator | Version |
---|---|---|---|
cardgate/magento2 | le | 2.0.31 |
packetstormsecurity.com/files/156505/Magento-WooCommerce-CardGate-Payment-Gateway-2.0.30-Bypass.html
github.com/cardgate/magento2/blob/715979e54e1a335d78a8c5586f9e9987c3bf94fd/Controller/Payment/Callback.php#L88-L107
github.com/cardgate/magento2/issues/54
packetstormsecurity.com/files/156505/Magento-WooCommerce-CardGate-Payment-Gateway-2.0.30-Bypass.html