CVE-2012-2991

Published: Sep 19, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.

Affected (5)

Products: Oscommerce: Online Merchant · Paypal: Website Payments Standard Module

Oscommerce

1 product

Online Merchant

Paypal

1 product

Website Payments Standard Module

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Oscommerce Online Merchant	Up to 2.3.3
Oscommerce Online Merchant	Version 2.3.0
Oscommerce Online Merchant	Version 2.3.1
Oscommerce Online Merchant	Version 2.3.2
Paypal Website Payments Standard Module	Up to 1.0

References (4)

http://secunia.com/advisories/50640

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/459446

Source: cret@cert.org

US Government Resource

http://secunia.com/advisories/50640

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/459446

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.