CVE-2006-0201

high

Description

Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.

References

http://www.vupen.com/english/advisories/2006/0183

http://www.uinc.ru/articles/vuln/ptpaypal050.shtml

http://www.securityfocus.com/bid/16218

http://www.securityfocus.com/archive/1/421739

http://www.osvdb.org/22378

http://secunia.com/advisories/18444

Details

Source: Mitre, NVD

Published: 2006-01-13

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.00675

Detections

Analytics