CVE-2014-10067

CVE-2014-10067

paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production.

Source: CVE-2014-10067

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다