POODLE Vulnerability Discovery Affecting Zen Cart Stores Accepting PayPal

PayPal has fixed a vulnerability in their payment system due to POODLE by removing the CURL SSL Option. All stores that accept PayPal are affected and will not be able to take payment via the PayPal modules unless the following code change is made:

Open includes/modules/payment/paypal/paypal_curl.php and find line 59:
CURLOPT_SSLVERSION => 3,

Change to:
//CURLOPT_SSLVERSION => 3,

If you need assistance with making this code change, please contact support@numinix.com and we’ll correct the issue for you today.

Update: this affects any script that uses the CURLOPT_SSLVERSION option and the recommended fix is to comment out that line completely from all scripts (i.e. PayPal, Authorize.net, Linkpoint, USPS, etc).

One thought on “POODLE Vulnerability Discovery Affecting Zen Cart Stores Accepting PayPal

  1. hi

    We are using zen cart we got mail for paypal (28) SSL connection timeout in connection and we found the your page and we used but i getting the same of (28) SSL connection timeout could you please us

    Regards
    Murugan


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Contact Account Cart Search Cart Open Menu Arrow Link Arrow Chat Close Close Popup Facebook Twitter Google Plus linkedin2
    POODLE Vulnerability Discovery Affecting Zen Cart Stores Accepting PayPal - Numinix Blog