Unrated severityNVD Advisory· Published Nov 6, 2012· Updated Apr 29, 2026

CVE-2011-5238

Description

google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected products

Google/Checkout Php7 versions
cpe:2.3:a:google:checkout-php:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:google:checkout-php:*:*:*:*:*:*:*:*range: <=1.3.1
- cpe:2.3:a:google:checkout-php:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:checkout-php:1.2.1:beta:*:*:*:*:*:*
- cpe:2.3:a:google:checkout-php:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:checkout-php:1.2.5a:*:*:*:*:*:*:*
- cpe:2.3:a:google:checkout-php:1.2:beta:*:*:*:*:*:*
- cpe:2.3:a:google:checkout-php:1.3.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000