phpCOIN phpinfo.php Information Disclosure

2005-02-28T20:08:43
ID OSVDB:14257
Type osvdb
Reporter Lostmon Lords(Lostmon@gmail.com)
Modified 2005-02-28T20:08:43

Description

Vulnerability Description

phpCOIN contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user directly calls the 'phpinfo.php' script occurs, which will disclose information about the target system resulting in a loss of confidentiality.

Solution Description

Upgrade to version 1.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

phpCOIN contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user directly calls the 'phpinfo.php' script occurs, which will disclose information about the target system resulting in a loss of confidentiality.

Manual Testing Notes

http://[target]/phpcoin_directory/phpinfo.php

References:

Vendor URL: http://www.phpcoin.com/ Security Tracker: 1013329 Secunia Advisory ID:14439 Related OSVDB ID: 14279 Related OSVDB ID: 14281 Related OSVDB ID: 14280 Other Advisory URL: http://lostmon.blogspot.com/2005/03/phpcoin-phpinfo-information-disclosure.html