CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-2991

The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.0%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2012-2991

Oscommerce » Online Merchant » Version: 2.3

cpe:2.3:a:oscommerce:online_merchant:2.3
Oscommerce » Online Merchant » Version: 2.3.0

cpe:2.3:a:oscommerce:online_merchant:2.3.0
Oscommerce » Online Merchant » Version: 2.3.1

cpe:2.3:a:oscommerce:online_merchant:2.3.1
Oscommerce » Online Merchant » Version: 2.3.2

cpe:2.3:a:oscommerce:online_merchant:2.3.2
Oscommerce » Online Merchant » Version: 2.3.3

cpe:2.3:a:oscommerce:online_merchant:2.3.3
Paypal » Website Payments Standard Module » Version: 1.0

cpe:2.3:a:paypal:website_payments_standard_module:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-2991

Products

Pricing

Contact Us