VYPR
Unrated severityNVD Advisory· Published Sep 19, 2012· Updated Jun 16, 2026

CVE-2012-2991

CVE-2012-2991

Description

The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:oscommerce:online_merchant:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:oscommerce:online_merchant:*:*:*:*:*:*:*:*range: <=2.3.3
    • cpe:2.3:a:oscommerce:online_merchant:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oscommerce:online_merchant:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oscommerce:online_merchant:2.3.2:*:*:*:*:*:*:*
    • (no CPE)range: <2.3.4
  • cpe:2.3:a:paypal:website_payments_standard_module:*:*:*:*:*:*:*:*
    Range: <=1.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.