PT-2006-1278 · Paypal · Paypal Web Services

Cens

Published

2006-01-13

Updated

2011-03-08

CVE-2006-0201

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions PayPal Web Services (aka PHP Toolkit) versions 0.50 and earlier

Description The issue allows remote attackers to enter false payment entries into the log file. This can be achieved via HTTP POST requests to the "ipn success.php" endpoint.

Recommendations For versions 0.50 and earlier, consider restricting access to the "ipn success.php" endpoint until a fix is available. Additionally, monitor log files for suspicious payment entries to minimize potential damage.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0201

Affected Products

Paypal Web Services

PT-2006-1278 · Paypal · Paypal Web Services

CVE-2006-0201

Related Identifiers

Affected Products

References · 7