Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.
References
Link | Resource |
---|---|
http://secunia.com/advisories/18444 | Vendor Advisory |
http://www.osvdb.org/22378 | |
http://www.securityfocus.com/archive/1/421739 | Vendor Advisory |
http://www.securityfocus.com/bid/16218 | |
http://www.uinc.ru/articles/vuln/ptpaypal050.shtml | Vendor Advisory |
http://www.vupen.com/english/advisories/2006/0183 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-01-13T23:00:00
Updated: 2006-01-20T10:00:00
Reserved: 2006-01-13T00:00:00
Link: CVE-2006-0201
JSON object: View
NVD Information
Status : Modified
Published: 2006-01-13T23:03:00.000
Modified: 2011-03-08T02:29:34.347
Link: CVE-2006-0201
JSON object: View
Redhat Information
No data.
CWE