Unrated severityNVD Advisory· Published Nov 6, 2012· Updated Jun 16, 2026
CVE-2011-5238
CVE-2011-5238
Description
google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:google:checkout-php:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:google:checkout-php:*:*:*:*:*:*:*:*range: <=1.3.1
- cpe:2.3:a:google:checkout-php:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:checkout-php:1.2.1:beta:*:*:*:*:*:*
- cpe:2.3:a:google:checkout-php:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:checkout-php:1.2.5a:*:*:*:*:*:*:*
- cpe:2.3:a:google:checkout-php:1.2:beta:*:*:*:*:*:*
- cpe:2.3:a:google:checkout-php:1.3.0:*:*:*:*:*:*:*
- Range: <1.3.2
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.