CVE-2006-0201

2006-01-1323:00:00

mitre

www.cve.org

AI Score

6.9

Confidence

Low

EPSS

0.021

Percentile

89.2%

JSON

Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.

References

secunia.com/advisories/18444

www.osvdb.org/22378

www.securityfocus.com/archive/1/421739

www.securityfocus.com/bid/16218

www.uinc.ru/articles/vuln/ptpaypal050.shtml

www.vupen.com/english/advisories/2006/0183