Vigil@nce - Joomla Eshop, Events Booking, Membership Pro: invalid payment via Paypal Payment
May 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use Joomla Eshop, Events Booking or Membership
Pro, and pay less than expected.
Impacted products: Joomla Extensions not comprehensive.
Severity: 2/4.
Creation date: 23/03/2017.
DESCRIPTION OF THE VULNERABILITY
The Eshop, Events Booking, or Membership Pro extensions can be
installed on Joomla.
However, an attacker can pay in a PayPal foreign currency, which
is more favorable.
An attacker can therefore use Joomla Eshop, Events Booking or
Membership Pro, and pay less than expected.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN