CVE-2024-33966

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 6, 2024
Updated: Aug 8, 2024
CWE ID 89

Summary

CVE-2024-33966 is a newly disclosed SQL injection vulnerability that affects PayPal's payment system, including Credit Card and Debit Card transactions, using version 1.0. An attacker can exploit this vulnerability by sending a specially crafted query to the server through the 'xtsearch' parameter located in '/admin/mod_reports/index.php'. Upon successful exploitation, the attacker gains unauthorized access to all stored information in the server database. This vulnerability poses a significant risk to financial data security and should be addressed promptly by applying the necessary security patches. PayPal is urged to take immediate action to mitigate this risk and prevent potential data breaches.
