VYPR
Unrated severityNVD Advisory· Published Nov 6, 2012· Updated Jun 16, 2026

CVE-2011-5238

CVE-2011-5238

Description

google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • cpe:2.3:a:google:checkout-php:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:google:checkout-php:*:*:*:*:*:*:*:*range: <=1.3.1
    • cpe:2.3:a:google:checkout-php:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:checkout-php:1.2.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:google:checkout-php:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:google:checkout-php:1.2.5a:*:*:*:*:*:*:*
    • cpe:2.3:a:google:checkout-php:1.2:beta:*:*:*:*:*:*
    • cpe:2.3:a:google:checkout-php:1.3.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.