Vulnerability Details CVE-2015-7231
The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.0%
CVSS Severity
CVSS v2 Score 5.0
References
Products affected by CVE-2015-7231
-
cpe:2.3:a:drupalcommerce:commerce_commonwealth:7.x-1.0
-
cpe:2.3:a:drupalcommerce:commerce_commonwealth:7.x-1.1
-
cpe:2.3:a:drupalcommerce:commerce_commonwealth:7.x-1.2
-
cpe:2.3:a:drupalcommerce:commerce_commonwealth:7.x-1.3
-
cpe:2.3:a:drupalcommerce:commerce_commonwealth:7.x-1.4