CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Paypal: >> Php Toolkit Security Vulnerabilities

CVE-2006-0201

Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.

CVSS Score

5.0

EPSS Score

0.007

Published

2006-01-13

CVE-2006-0202

Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.

CVSS Score

3.6

EPSS Score

0.001

Published

2006-01-13

Page 1

Vulnerabilities

Vulnerable Software

Paypal: >> Php Toolkit Security Vulnerabilities

Products

Pricing

Contact Us