CVE-2024-33962

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 6, 2024

Updated: Aug 8, 2024

CWE ID 89

Summary

CVE-2024-33962 is a newly discovered SQL injection vulnerability that affects PayPal's version 1.0 payment system. An attacker can exploit this flaw by sending a specially crafted query to the server through the '/admin/mod_reservation/index.php' parameter named 'code'. By doing so, they could potentially retrieve all the stored information on the server, posing a significant risk to financial data and privacy. This vulnerability underscores the importance of timely patches and input validation in web applications to mitigate SQL injection attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

PayPal

Affected Vendors

PayPal

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/vrGPDE
https://www.cve.org/CVERecord?id=CVE-2024-33962
https://nvd.nist.gov/vuln/detail/CVE-2024-33962

Back to Vulnerability Database