Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SwagPayPal payment not sent to PayPal correctly
Vulnerability Description
SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has been fixed with version 5.4.4. As a workaround, disable the aforementioned payment methods or use the Security Plugin in version >= 1.0.21.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
SwagPayPal 数据伪造问题漏洞
Vulnerability Description
SwagPayPal是Shopware开源的一个商店软件/平台的 PayPal 集成。 SwagPayPal 存在数据伪造问题漏洞,该漏洞源于发送到 PayPal 的金额和项目列表可能与创建的订单中的不一致。
CVSS Information
N/A
Vulnerability Type
N/A