CVE-2024-33970
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-33970 is a newly identified SQL injection vulnerability that affects PayPal's payment system, specifically version 1.0. This issue enables attackers to manipulate SQL queries by sending crafted input via the 'studid' parameter in the '/candidate/controller.php' endpoint. Successful exploitation could allow the attacker to gain unauthorized access to stored information, potentially compromising sensitive data such as credit card and debit card details. The vulnerability poses a significant risk to PayPal customers and emphasizes the importance of timely software updates and secure coding practices.
Affected Products
- PayPal
Affected Vendors
- PayPal