CVE-2006-0202

2006-01-13T23:03:00
ID CVE-2006-0202
Type cve
Reporter cve@mitre.org
Modified 2011-03-08T02:29:00

Description

Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.