2 matches found
CVE-2006-0201
The provided connected documents confirm CVE-2006-0201 affects PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier versions. The vulnerability allows remote attackers to inject false payment entries into the log file by sending HTTP POST requests to ipn_success.php, indicating an inpu...
CVE-2006-0202
CVE-2006-0202 affects PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier. The issue is due to insecure filesystem permissions: ipn/logs/ipn_success.txt is world-readable, allowing local users to view payment data, and ipn/logs is world-writable, enabling local users to delete or repl...