Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs.
https://exchange.xforce.ibmcloud.com/vulnerabilities/18848
http://securitytracker.com/id?1012854