4 matches found
phpCOIN < 1.2.4 Multiple Script _CCFG[_PKG_PATH_INCL] Parameter Remote File Inclusion
Binary data 3735.prm...
CVE-2005-0669
Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the 1 the faqid in the faq mod, 2 the id parameter in the pages mod, 3 the id parameter in the siteinfo module, 4 the topicid parameter in the articles...
CVE-2005-0670
Cross-site scripting XSS vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via 1 the new parameter to mod.php, 2 the w parameter to mod.php, 3 the e parameter to login.php, 4 the o parameter to login.php, and possibly other scripts...
phpCOIN <= 1.2.1b Multiple Vulnerabilities
The remote host is running phpCOIN version 1.2.1b or older. These versions suffer from several vulnerabilities, among them : - A Local File Include Vulnerability An attacker can execute arbitrary code in the context of the web server user by passing the name of a script or file through the 'page'...