CVE-2006-0202
Summary
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.
- LOW
- LOCAL
- NONE
- PARTIAL
- PARTIAL
- NONE
References
Advisory Timeline
- Published