Improper input validation in Paypal Instant_payment_notification
CVE-2012-5805
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof S…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.006 (42.4th percentile) — read the EPSS interpretation.
Affected products
- Paypal Instant_payment_notification
- Zen-cart Zen_cart
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)