CVE-2024-33974

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 6, 2024
Updated: Aug 7, 2024
CWE ID 89

Summary

CVE-2024-33974 represents a significant SQL injection vulnerability in PayPal's Payment system, specifically affecting version 1.0. Malicious actors can capitalize on this flaw by constructing carefully crafted queries and sending them to the server. Successful exploitation grants attackers unauthorized access to all stored data through the 'Users in' parameter within the '/report/printlogs.php' endpoint. This vulnerability poses a substantial risk to financial information, potentially leading to data breaches and monetary losses.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share