Improper input validation in Paypal Payments_pro
CVE-2012-5806
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.006 (42.4th percentile) — read the EPSS interpretation.
Affected products
- Paypal Payments_pro
- Zen-cart Zen_cart
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)