Paypal - Php Toolkit CVE - OpenCVE

Filtered by vendor Paypal Subscriptions

Filtered by product Php Toolkit Subscriptions

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2006-0202	1 Paypal	1 Php Toolkit	2011-03-08	N/A
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.
CVE-2006-0201	1 Paypal	1 Php Toolkit	2011-03-08	N/A
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.

Page 1 of 1.