TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements