Security concerns
From Memora, the internal wiki
- No webhook verification — MollieController.php doesn't verify that webhook calls actually come from Mollie. Anyone could forge a payment confirmation.
- Missing auth check on order redirect — The
mollie/redirect/{order}route lets anyone view any order's status by guessing the ID.
Category:
Coding with Claude