Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-01-13T23:00:00

Updated: 2024-08-07T16:25:34.008Z

Reserved: 2006-01-13T00:00:00

Link: CVE-2006-0202

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-01-13T23:03:00.000

Modified: 2011-03-08T02:29:34.437

Link: CVE-2006-0202

cve-icon Redhat

No data.