What the vulnerability does
01Description
Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through <= 2.1.2.
Explanation of Vulnerability in Simple Terms
02Summary
CryptoCloud Crypto Payment Gateway versions 2.1.2 and earlier lack proper authorization checks, allowing unauthenticated attackers to modify data and disrupt service availability. The vulnerability requires no user interaction and can be exploited over the network. Site administrators should update to a version newer than 2.1.2 immediately.
What an attacker can do
03Attacker Capabilities
Modify payment data and disrupt service availability without authentication.
Potential impact on your site
04Site Impact
Attackers can alter transaction records and cause payment processing outages without logging in.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
June 9, 2025
CVE published
April 29, 2026
Record updated