Vigil@nce - Drupal Commerce Ogone: bypassing payment
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass the process of Drupal Commerce Ogone, in
order to deceive the seller.
Impacted products: Drupal Modules
Severity: 2/4
Creation date: 05/03/2015
DESCRIPTION OF THE VULNERABILITY
The Commerce Ogone module can be installed on Drupal.
However, an attacker can change the state of an order without
paying.
An attacker can therefore bypass the process of Drupal Commerce
Ogone, in order to deceive the seller.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-Commerce-Ogone-bypassing-payment-16314