CVE-2024-33971
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-33971 is a newly disclosed SQL injection vulnerability affecting PayPal's payment system, specifically version 1.0. A malicious actor can exploit this flaw by sending a crafted SQL query to the server via the 'username' parameter in '/login.php'. Successful exploitation could grant the attacker unauthorized access to all stored information, posing a significant risk to financial data and user privacy. This vulnerability highlights the importance of input validation and sanitization to prevent SQL injection attacks. PayPal is advised to address this issue promptly to mitigate potential harm.
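The flaw class described in the summary, shown next to the parameterized form that removes it. This is an added example, not code from the affected application. The `users` schema, the function names and the in-memory SQLite database (needs the `pdo_sqlite` extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table standing in for the application's user store
// (assumption: the advisory does not give the real table or column names).
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Vulnerable pattern: the request value becomes part of the SQL text.
function find_user_unsafe(PDO $db, string $username): array {
    $sql = "SELECT id, username, pw_hash FROM users WHERE username = '$username'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the SQL text is fixed and the value is a bound parameter.
function find_user_safe(PDO $db, string $username): array {
    // Length check is a sanity bound only; binding is what stops the injection.
    if ($username === '' || strlen($username) > 64) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, username, pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Login succeeds only on exactly one matching row and a verified password hash.
function login(PDO $db, string $username, string $password): bool {
    $rows = find_user_safe($db, $username);
    return count($rows) === 1 && password_verify($password, $rows[0]['pw_hash']);
}

$db = make_db();
$probe = "x' OR '1'='1"; // constructed regression input containing SQL metacharacters

printf("unsafe lookup rows: %d\n", count(find_user_unsafe($db, $probe)));
printf("safe lookup rows:   %d\n", count(find_user_safe($db, $probe)));
var_dump(login($db, 'alice', 'correct horse'));
var_dump(login($db, $probe, 'anything'));
```

The same constructed input works as a regression test for a patched login handler: the bound-parameter lookup must treat it as a literal username and match no rows.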
Affected Products
- PayPal
Affected Vendors
- PayPal