CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0202
https://notcve.org/view.php?id=CVE-2006-0202
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. • http://secunia.com/advisories/18444 http://www.osvdb.org/22379 http://www.securityfocus.com/archive/1/421739 http://www.securityfocus.com/bid/16218 http://www.uinc.ru/articles/vuln/ptpaypal050.shtml http://www.vupen.com/english/advisories/2006/0183 •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0CVE-2006-0201
https://notcve.org/view.php?id=CVE-2006-0201
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php. • http://secunia.com/advisories/18444 http://www.osvdb.org/22378 http://www.securityfocus.com/archive/1/421739 http://www.securityfocus.com/bid/16218 http://www.uinc.ru/articles/vuln/ptpaypal050.shtml http://www.vupen.com/english/advisories/2006/0183 •