MidnightBSD

Advisories for drupalcommerce

CVE-2015-7231 MEDIUM

The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
drupalcommerce commerce_commonwealth 7.x-1.4
drupalcommerce commerce_commonwealth 7.x-1.2
drupalcommerce commerce_commonwealth 7.x-1.0
drupalcommerce commerce_commonwealth 7.x-1.3
drupalcommerce commerce_commonwealth 7.x-1.1