Summary #

Invicti identified a possible credit card number disclosure.

Impact #
It is not mandatory for a merchant to require the security code for making a transaction, hence the card is still prone to fraud even if only its number is known to phishers.
Remediation #
We strongly advise you not to expose credit card numbers on your website.
Classifications #
PCI v3.1-6.5.3; PCI v3.2-6.5.3; CAPEC-118; CWE-213; ISO27001-A.18.1.4; WASC-13; OWASP PC-C7; OWASP 2013-A6; OWASP 2017-A3
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities


Search Vulnerability


Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo