Remote Code Execution in osCommerce PayPal Module by PayPal
CVE-2012-2991

Currently unrated

Key Information:

Vendor: Oscommerce
Status: Online Merchant; Website Payments Standard Module
Vendor: CVE Published:; 19 September 2012

What is CVE-2012-2991?

The PayPal module for osCommerce Online Merchant, prior to version 2.3.4, is susceptible to a security flaw that permits remote attackers to manipulate the merchant's email address field within payment transactions. This vulnerability allows attackers to redirect funds intended for legitimate merchants to themselves, thereby compromising the integrity of the payment processing system. Proper validation of the payment recipient's email address is crucial to prevent unauthorized modifications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.kb.cert.org/vuls/id/459446

third-party-advisoryx_refsource_CERT-VN

http://secunia.com/advisories/50640

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 19, 2012
Vulnerability Reserved
May 30, 2012

JSON

Oscommerce

What is CVE-2012-2991?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.