CVE-2024-33969

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 6, 2024
Updated: Aug 8, 2024
CWE ID 89

Summary

CVE-2024-33969 is a newly disclosed SQL injection vulnerability affecting PayPal's Payment system, specifically versions 1.0. An attacker can exploit this flaw by crafting a malicious SQL query and sending it to the server through the 'id' parameter in '/AttendanceMonitoring/department/index.php'. Successful exploitation of this vulnerability could grant the attacker unauthorized access to all stored information on the server. This poses a significant risk to sensitive payment data, including credit card and debit card information. It is recommended that affected organizations upgrade to the latest version of PayPal's Payment system to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share