2012-09-19 19:00:00
certcc
PUBLISHED
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchants e-mail address, as demonstrated by setting the recipient to ones self.