Mollie for Drupal - Moderately critical - Faulty payment confirmation logic - SA-CONTRIB-2023-052

Project: Mollie for DrupalDate: 2023-November-15Security risk: Moderately critical 12∕25 AC:Complex/A:None/CI:None/II:Some/E:Theoretical/TD:AllVulnerability: Faulty payment confirmation logicAffected versions: <2.2.1Description: This module enables you to pay online via Mollie.
The module might not properly load the correct order to update the payment status when Mollie redirects to the redirect URL. This can allow an attacker to apply other people's orders to their own, getting credit without paying.
This vulnerability is mitigated by the fact that an attacker must have some knowledge about the module's internal functionality. The issue only affects installations that use the Mollie for Drupal Commerce submodule.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article