PT-2006-1278 · Paypal · Paypal Web Services

Cens

Publicado

2006-01-13

Atualizado

2011-03-08

CVE-2006-0201

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions PayPal Web Services (aka PHP Toolkit) versions 0.50 and earlier

Description The issue allows remote attackers to enter false payment entries into the log file. This can be achieved via HTTP POST requests to the "ipn success.php" endpoint.

Recommendations For versions 0.50 and earlier, consider restricting access to the "ipn success.php" endpoint until a fix is available. Additionally, monitor log files for suspicious payment entries to minimize potential damage.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-0201

Produtos afetados

Paypal Web Services

PT-2006-1278 · Paypal · Paypal Web Services

CVE-2006-0201

Identificadores relacionados

Produtos afetados

Referências · 7