漏洞类别:CGI
漏洞等级: 
漏洞信息
PayPal PHP Merchant SDK can be used for integrating with the Express Checkout, Mass Pay, Web Payments Pro APIs.
The vulnerability exists in the implemented merchant-sdk-php\samples\AccountAuthentication\GetAuthDetails.html.php source file that fails to sufficiently sanitize user supplied input received via the token parameter. An unauthenticated, remote attacker could exploit this vulnerability by transmitting malicious HTTP GET requests to the targeted system.
Affected Version:
PayPal PHP Merchant SDK versions up to 3.9.1
漏洞危害
Successful exploitation could allow an attacker to execute arbitrary HTML and script code in a user's browser session under the context of the site. This may allow the attacker to access sensitive browser-based information such as authentication cookies and recently submitted data.
解决方案
Customers are advised to upgrade to PayPal PHP Merchant SDK 3.10.0 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论