AI Score
Confidence
Low
EPSS
Percentile
89.2%
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.
secunia.com/advisories/18444
www.osvdb.org/22378
www.securityfocus.com/archive/1/421739
www.securityfocus.com/bid/16218
www.uinc.ru/articles/vuln/ptpaypal050.shtml
www.vupen.com/english/advisories/2006/0183