CVE-2015-7231

Commerce Commonwealth 7.x-1.x < 7.x-1.5 - Unauthenticated Payment Validation Bypass via Crafted URL

Title source: llm
STIX 2.1

Description

The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb."

References (2)

Core 2
Core References
Patch x_refsource_confirm
https://www.drupal.org/node/2541832
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2542380

Scores

EPSS 0.0105
EPSS Percentile 60.4%

Details

CWE
CWE-20
Status published
Products (5)
drupalcommerce/commerce_commonwealth 7.x-1.0
drupalcommerce/commerce_commonwealth 7.x-1.1
drupalcommerce/commerce_commonwealth 7.x-1.2
drupalcommerce/commerce_commonwealth 7.x-1.3
drupalcommerce/commerce_commonwealth 7.x-1.4
Published Sep 17, 2015
Tracked Since Feb 18, 2026