Remote Payment Recipient Manipulation in CS-Cart by PayPal Standard Payments
CVE-2013-0118

Currently unrated

Key Information:

Vendor: Cs-cart
Status: Cs-cart
Vendor: CVE Published:; 24 February 2013

What is CVE-2013-0118?

A vulnerability in versions of CS-Cart prior to 3.0.6 exists when PayPal Standard Payments is configured. This flaw enables remote attackers to alter the payment recipient by modifying the merchant's email address in the payment process. Attackers can exploit this vulnerability to redirect funds intended for legitimate recipients to their own accounts, posing significant financial risks to users who rely on this e-commerce platform.

References

http://www.kb.cert.org/vuls/id/583564

third-party-advisoryx_refsource_CERT-VN

http://www.kb.cert.org/vuls/id/BLUU-949PQL

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 24, 2013

Cs-cart

What is CVE-2013-0118?

References

Timeline