View Issue Details

ID: 0007936
Project: module PayPal Checkout
Category: module PayPal checkout - sub
View Status: public
Last Update: 2026-06-29 14:01
Reporter: michael_keiluweit
Assigned To:
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 2.8.4 / 3.7.4
Fixed in Version: 2.9.0 / 3.8.0
Summary: 0007936: Security: Unauthorized Account Access
Description: An authentication bypass (CWE-287) in the user authentication flow of the OXID PayPal checkout module allows a remote, unauthenticated attacker to access arbitrary customer accounts.

Affected versions (verified):
>= 1.0.0, < 1.3.13
>= 2.0.0, < 2.8.4
>= 3.0.0, < 3.7.4

Fixed versions:
>= 1.4.0
>= 2.9.0
>= 3.8.0
Steps To Reproduce: Reproduction has been verified internally against a controlled test environment. A working proof-of-concept exists and is withheld under coordinated vulnerability disclosure (ISO/IEC 29147, FIRST CVD) until a vendor patch is available.
Additional Information: CVE: pending request
Tags: No tags attached.

Activities

There are no notes attached to this issue.