The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| drupalcommerce | commerce_commonwealth | 7.x-1.4 |
| drupalcommerce | commerce_commonwealth | 7.x-1.2 |
| drupalcommerce | commerce_commonwealth | 7.x-1.0 |
| drupalcommerce | commerce_commonwealth | 7.x-1.3 |
| drupalcommerce | commerce_commonwealth | 7.x-1.1 |