VDB
CVE-2012-4934
CVE-2012-4934
PUBLISHED
CVSS 3.5 LOW
TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL.
EPSS 0.38% · 60.1th percentile
Risk Scores
CVSS 2.0
3.5
EPSS Score
0.38%
60.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| tomatocart | tomatocart | 1.1.7 |
| n/a | n/a | n/a |
Timeline
- Oct 31, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- 86883 vdb
- VU#207540 third-party-advisory
- 56333 vdb
- tomatocart-paypal-sec-bypass(79696) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2012-4934 advisory