A critical remote code execution vulnerability has been reported in the eBay owned global e-commerce business PayPal that could be exploited by an attacker to execute arbitrary code on the PayPal's Marketing online-service web-application server.

The remote code execution flaw, discovered by an independent security researcher, has been rated Critical by Vulnerability Lab with a CVSS count of 9.3 and affected the marketing online service web-application of PayPal.

The vulnerability resides in the Java Debug Wire Protocol (JDWP) protocol of the PayPal's marketing online service web-server.

Successful exploitation of the PayPal vulnerability could result in an unauthorized execution of system specific codes against the targeted system in order to completely compromise the company's web server, without any privilege or user interaction.

JDWP is a protocol that used for communication between a debugger and the Java virtual machine that it debugs.

It is one layer of the JavaPlatform,Debugger Architecture (JPDA).

However, JDWP does not use any authentication, but could be abused by hackers to execute arbitrary code remotely onto the affected Web server.

The team fixed the flaw within four days after receiving the details from security researcher.