Total vulnerabilities in the database
CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.
| Software | From | Fixed in |
|---|---|---|
| cs-cart / cs-cart | 3.0.2 | 3.0.2.x |
| cs-cart / cs-cart | - | 3.0.5.x |
| cs-cart / cs-cart | 3.0.4 | 3.0.4.x |
| cs-cart / cs-cart | 3.0 | 3.0.x |
| cs-cart / cs-cart | 3.0.3 | 3.0.3.x |