CVE-2012-4934

Current Description

TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL.

Basic Data

Published: October 31, 2012
Last Modified: August 29, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 3.5
Severity: LOW
Exploitability Score: 6.8
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Tomatocart
    Product: Tomatocart
    Version: 1.1.7
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including:
    Version End Including:
    Version Start Excluding:
    Version End Excluding:

Vulnerable Software List

Vendor | Product | Versions
Tomatocart | Tomatocart | 1.1.7

References

Name | Source | URL | Tags
86883 | OSVDB | http://osvdb.org/86883 |
VU#207540 | CERT-VN | http://www.kb.cert.org/vuls/id/207540 | US Government Resource
56333 | BID | http://www.securityfocus.com/bid/56333 |
tomatocart-paypal-sec-bypass(79696) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/79696 |