View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007936 | module PayPal Checkout | module PayPal checkout - sub | public | 2026-04-29 11:26 | 2026-06-29 14:01 |
| Reporter | michael_keiluweit | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 2.8.4 / 3.7.4 | ||||
| Fixed in Version | 2.9.0 / 3.8.0 | ||||
| Summary | 0007936: Security: Unauthorized Account Access | ||||
| Description | An authentication bypass (CWE-287) in the user authentication flow of the OXID PayPal checkout module allows a remote, unauthenticated attacker to access arbitrary customer accounts. | ||||
| Steps To Reproduce | Reproduction has been verified internally against a controlled test environment. A working proof-of-concept exists and is withheld under coordinated vulnerability disclosure (ISO/IEC 29147, FIRST CVD) until a vendor patch is available. | ||||
| Additional Information | CVE: pending request | ||||
| Tags | No tags attached. | ||||