CVE-2024-33963
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Aug 6, 2024
Updated: Aug 8, 2024
CWE ID 89
Summary
CVE-2024-33963 is a newly disclosed SQL injection vulnerability affecting PayPal's payment system, specifically versions 1.0. An attacker can exploit this weakness by crafting a malicious query and sending it to the server through the 'id' parameter in the '/admin/mod_room/index.php' URL. Successful exploitation could grant the attacker unauthorized access to all stored information in the server database. This vulnerability poses a significant risk to financial data and requires immediate remediation efforts from PayPal to prevent potential data breaches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- PayPal
Affected Vendors
- PayPal