Vulnerability Description
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paypal | Php Toolkit | <= 0.50 |
References
- http://secunia.com/advisories/18444Vendor Advisory
- http://www.osvdb.org/22378
- http://www.securityfocus.com/archive/1/421739Vendor Advisory
- http://www.securityfocus.com/bid/16218
- http://www.uinc.ru/articles/vuln/ptpaypal050.shtmlVendor Advisory
- http://www.vupen.com/english/advisories/2006/0183
- http://secunia.com/advisories/18444Vendor Advisory
- http://www.osvdb.org/22378
- http://www.securityfocus.com/archive/1/421739Vendor Advisory
- http://www.securityfocus.com/bid/16218
- http://www.uinc.ru/articles/vuln/ptpaypal050.shtmlVendor Advisory
- http://www.vupen.com/english/advisories/2006/0183
FAQ
What is CVE-2006-0201?
CVE-2006-0201 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST r...
How severe is CVE-2006-0201?
CVE-2006-0201 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0201?
Check the references section above for vendor advisories and patch information. Affected products include: Paypal Php Toolkit.