Vulnerability Description
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PayPal | PHP Toolkit | <= 0.50 |
References
- http://secunia.com/advisories/18444 (Vendor Advisory)
- http://www.osvdb.org/22379
- http://www.securityfocus.com/archive/1/421739 (Vendor Advisory)
- http://www.securityfocus.com/bid/16218
- http://www.uinc.ru/articles/vuln/ptpaypal050.shtml (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/0183
FAQ
What is CVE-2006-0202?
CVE-2006-0202 is a vulnerability with a CVSS score of 3.6 (LOW). Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view s...
How severe is CVE-2006-0202?
CVE-2006-0202 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0202?
Check the references section above for vendor advisories and patch information. Affected products include: PayPal PHP Toolkit.