Cens

Researcher from uinC Team
#30401 of 53,624
8.6 Total CVSS
Vulnerabilities · 2
Low: 1
Medium: 1
PT-2006-1278
5.0
2006-01-13
Paypal · Paypal Web Services · CVE-2006-0201
**Name of the Vulnerable Software and Affected Versions**

PayPal Web Services (aka PHP Toolkit) versions 0.50 and earlier

**Description**

The issue allows remote attackers to enter false payment entries into the log file. This can be achieved via HTTP POST requests to the "ipn_success.php" endpoint.

**Recommendations**

For versions 0.50 and earlier, consider restricting access to the "ipn_success.php" endpoint until a fix is available. Additionally, monitor log files for suspicious payment entries to minimize potential damage.

PT-2006-1279
3.6
2006-01-13
Paypal · Paypal Web Services · CVE-2006-0202
**Name of the Vulnerable Software and Affected Versions**

PayPal Web Services (aka PHP Toolkit) versions 0.50 and earlier

**Description**

The issue concerns world-readable permissions for `ipn/logs/ipn_success.txt`, allowing local users to view sensitive payment data, and world-writable permissions for `ipn/logs`, enabling local users to delete or replace payment data.

**Recommendations**

For versions 0.50 and earlier, change the permissions of `ipn/logs/ipn_success.txt` to restrict read access and modify the permissions of the `ipn/logs` directory to prevent unauthorized write access.