phpCOIN 1.2 auxpage.php page Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/12917/info Multiple remote input validation vulnerabilities affect phpCoin. Multiple SQL injection vulnerabilities have been reported. An attacker may leverage these issues to manipulate and view arbitrary database...

CVE-2005-0947

Vulnerability summary (CVE-2005-0947) : The phpCOIN product (versions 1.2.1b and earlier) contains a directory traversal flaw in the auxiliary script auxpage.php. An attacker can supply a path in the page parameter that includes “..” to read or potentially execute arbitrary files on the server. T...