Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Magento WooCommerce CardGate Payment Gateway 访问控制错误漏洞
Vulnerability Description
Magento是美国Magento公司的一套开源的PHP电子商务系统。该系统提供权限管理、搜索引擎和支付网关等功能。 Magento WooCommerce CardGate Payment Gateway 2.0.30及之前版本存在安全漏洞,该漏洞源于Controller/Payment/Callback.php文件中IPN回调处理功能没有对来源进行身份验证。远程攻击者可利用该漏洞替换掉重要的插件设置,绕过支付过程和/或接收之后所有支付的金额。
CVSS Information
N/A
Vulnerability Type
N/A