Drupal Commerce Skrill Module Security Bypass Vulnerability
Release Date : 2013-04-04
Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status: Vendor Patch
Software: Drupal Commerce Skrill Module 7.x
A vulnerability has been reported in the Commerce Skrill module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.
The application does not properly verify access rights when processing Instant payment notifications (IPN) and can be exploited to e.g. forge notifications.
The vulnerability is reported in versions prior to 7.x-1.2.
Update to version 7.x-1.2.