What the vulnerability does
01Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Path Traversal.This issue affects Nomupay Payment Processing Gateway: from n/a through <= 7.1.5.
Explanation of Vulnerability in Simple Terms
02Summary
The Nomupay Payment Processing Gateway contains a path traversal vulnerability that allows authenticated users to read arbitrary files from the server. An attacker with low-level access can bypass directory restrictions and access sensitive files outside the intended application directory. This affects all versions up to 7.1.5.
What an attacker can do
03Attacker Capabilities
Read arbitrary files from the server, including configuration files and other sensitive data.
Potential impact on your site
04Site Impact
Sensitive files (database credentials, API keys, configuration) may be exposed if the gateway is integrated with your site.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege account or valid authentication to the payment gateway.
Key dates
06Disclosure timeline
April 10, 2025
CVE published
April 28, 2026
Record updated