CVE-2024-33969
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-33969 is a newly disclosed SQL injection vulnerability affecting PayPal's Payment system, specifically versions 1.0. An attacker can exploit this flaw by crafting a malicious SQL query and sending it to the server through the 'id' parameter in '/AttendanceMonitoring/department/index.php'. Successful exploitation of this vulnerability could grant the attacker unauthorized access to all stored information on the server. This poses a significant risk to sensitive payment data, including credit card and debit card information. It is recommended that affected organizations upgrade to the latest version of PayPal's Payment system to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- PayPal
Affected Vendors
- PayPal