Lucene search
HistoryJan 13, 2006 - 11:03 p.m.
CVE-2006-0201
cve-2006-0201
paypal
web services
php toolkit
remote attack
log entry vulnerability
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
High
0.021 Low
EPSS
Percentile
89.2%
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.
Affected configurations
Node
paypalphp_toolkitRange≤0.50
| CPE | Name | Operator | Version |
|---|---|---|---|
| paypal:php_toolkit | paypal php toolkit | le | 0.50 |
Related
cvelist
cvelist
CVE-2006-0201
2006-01-13 23:00:00
prion
prion
Code injection
2006-01-13 23:03:00
nvd
nvd
CVE-2006-0201
2006-01-13 23:03:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
High
0.021 Low
EPSS
Percentile
89.2%
Related for CVE-2006-0201