CVE-2024-33963

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 6, 2024
Updated: Aug 8, 2024
CWE ID 89

Summary

CVE-2024-33963 is a newly disclosed SQL injection vulnerability affecting PayPal's payment system, specifically versions 1.0. An attacker can exploit this weakness by crafting a malicious query and sending it to the server through the 'id' parameter in the '/admin/mod_room/index.php' URL. Successful exploitation could grant the attacker unauthorized access to all stored information in the server database. This vulnerability poses a significant risk to financial data and requires immediate remediation efforts from PayPal to prevent potential data breaches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share