{"vuid":"VU#207540","idnumber":"207540","name":"TomatoCart with PayPal Express Checkout design flaw vulnerability","keywords":["tomatocart","paypal","design flaw"],"overview":"TomatoCart 1.1.7 with PayPal Express Checkout, and possibly other versions, contains a design flaw that may allow an attacker to purchase items for free or less than advertised.","clean_desc":"It has been reported that TomatoCart 1.1.7 using the PayPal Express Checkout module in sandbox mode, and possibly other versions, suffers from a design flaw that may allow an attacker to purchase items for free or at a reduced price. An attacker may be able to manipulate the redirection URL from PayPal back to TomatoCart in a way that allows the attacker to purchase items for free or at a reduced price.","impact":"An attacker may be able to purchase items for free or at a reduced price.","resolution":"We are currently unaware of a practical solution to this problem. Please consider the following workaround.","workarounds":"Disable PayPal Express: TomatoCart users should disable payments from the PayPal Express Checkout module until a patch is released.","sysaffected":"","thanks":"Thanks to Giancarlo Pellegrino for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://tomatocart.com/","http://code.google.com/p/tomatocart-shoppingcart/downloads/detail?name=paypal_express.zip"],"cveids":["CVE-2012-4934"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-08-23T01:06:08Z","publicdate":"2012-10-08T00:00:00Z","datefirstpublished":"2012-10-30T15:15:15Z","dateupdated":"2012-10-30T15:15:18Z","revision":14,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"C","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.8","cvss_basevector":"AV:N/AC:L/Au:S/C:N/I:C/A:N","cvss_temporalscore":"5.5","cvss_environmentalscore":"5.5","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}