Security Advisory

CVE-2012-2991

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-09-19 19:00:00

Last updated 2024-08-06 19:50:05

Assigner certcc

State PUBLISHED

Description

The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchants e-mail address, as demonstrated by setting the recipient to ones self.

← Browse all CVEs View on cve.org ↗