Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP Toolkit for PayPal IPN_success.PHP日志文件注入漏洞
Vulnerability Description
Dave Nielsen and Patrick Breitenbach PayPal Web Services(也称为PHP Toolkit)0.50及可能的更早版本中,(1)所有用户对ipn/logs/ipn_success.txt全域可读,这可让本地用户查看敏感信息(付款数据),以及(2)所有用户对ipn/logs全域可写,这可让本地用户删除或替换付款数据。
CVSS Information
N/A
Vulnerability Type
N/A