CVE-2024-33966
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-33966 is a newly disclosed SQL injection vulnerability that affects PayPal's payment system, including Credit Card and Debit Card transactions, in version 1.0. An attacker can exploit it by sending a specially crafted query to the server through the 'xtsearch' parameter of '/admin/mod_reports/index.php'. Successful exploitation gives the attacker unauthorized access to all information stored in the server database. The vulnerability poses a significant risk to financial data security and should be addressed promptly by applying the necessary security patches. PayPal is urged to take immediate action to mitigate this risk and prevent potential data breaches.
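For triage, the following added example (not part of the original advisory or any vendor code) scans web access logs for requests to the endpoint named above whose 'xtsearch' value contains SQL syntax. It assumes combined-format access logs and that the parameter is sent in the query string; the marker list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter name come from the advisory; everything else is assumed.
TARGET_PATH = "/admin/mod_reports/index.php"
TARGET_PARAM = "xtsearch"

# Request portion of a common/combined-format access log entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Heuristic markers of SQL syntax in a search term. Not exhaustive, and
# legitimate searches containing these words or quotes will also be flagged.
SQL_MARKERS = re.compile(
    r"""['"`;]|--|/\*|\b(union|select|sleep|benchmark|information_schema)\b""",
    re.IGNORECASE,
)

def suspicious_requests(lines):
    """Return (ip, status, decoded value) for flagged requests to the endpoint."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not an access-log request line
        url = urlsplit(m.group("url"))
        if url.path != TARGET_PATH:
            continue
        # parse_qs percent-decodes values, so encoded quotes are caught too.
        values = parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, [])
        for value in values:
            if SQL_MARKERS.search(value):
                hits.append((m.group("ip"), int(m.group("status")), value))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2024:10:00:01 +0000] "GET /admin/mod_reports/index.php?xtsearch=july+sales HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Aug/2024:10:02:13 +0000] "GET /admin/mod_reports/index.php?xtsearch=a%27+OR+%271%27%3D%271 HTTP/1.1" 200 20480',
    '198.51.100.7 - - [01/Aug/2024:10:02:15 +0000] "GET /index.php?q=%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} {TARGET_PARAM}={value!r}")
```

A flagged request that returned status 200 with an unusually large response is worth correlating with database logs for the same time window.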
Affected Products
- PayPal
Affected Vendors
- PayPal