This module integrates the Sagepay payment service.
Some of the URLs used while processing the payment are not sufficiently secured. This might allow attackers to resume a previously failed payment attempt or to view content that should only be shown after a succesful payment. This affects all payments in a Drupal installation with this module enabled (including payments made using other payment methods).
Install the latest version:
- If you use the sagepay_paymet module for Drupal 7.x, upgrade to sagepay_payment 7.x-1.5
Also see the Sagepay project page.
- Greg Knaddison of the Drupal Security Team