CVE-2012-4934 : TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users

TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL.

Published 2012-10-31 10:50:32

Updated 2017-08-29 01:32:26

Source CERT/CC

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-4934

Probability of exploitation activity in the next 30 days: 0.30%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-4934

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2012-4934

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-4934

https://exchange.xforce.ibmcloud.com/vulnerabilities/79696

TomatoCart PayPal security bypass CVE-2012-4934 Vulnerability Report
http://www.securityfocus.com/bid/56333

TomatoCart PayPal Express Checkout Module Security Bypass Vulnerability
http://www.kb.cert.org/vuls/id/207540

VU#207540 - TomatoCart with PayPal Express Checkout design flaw vulnerability
US Government Resource

Products affected by CVE-2012-4934

Tomatocart » Tomatocart » Version: 1.1.7
cpe:2.3:a:tomatocart:tomatocart:1.1.7:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-4934

Exploit prediction scoring system (EPSS) score for CVE-2012-4934

CVSS scores for CVE-2012-4934

CWE ids for CVE-2012-4934

References for CVE-2012-4934

Products affected by CVE-2012-4934