CVE-2015-7231 Information

Description

The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments which allows remote attackers to make a failed payment appear valid via a crafted URL related to a \response from commweb.\

Reference

https://www.drupal.org/node/2541832 https://www.drupal.org/node/2542380