15 matches found
CVE-2005-4214
CVE-2005-4214 concerns phpCOIN 1.2.2. Affected component: installation/config flow via config.php. Root cause: the _CCFG['_PKG_PATH_DBSE'] variable is not defined, causing an error message that leaks the installation path to remote attackers. Impact: partial disclosure of information (installatio...
CVE-2005-4211
PHP remote file inclusion in phpCOIN 1.2.2 affects coin_includes/db.php, allowing an attacker to supply a URL via the _CCFG[_PKG_PATH_DBSE] parameter to execute arbitrary PHP code. This is a code-execution exposure in the web application, with no exploitation details provided beyond the parameter...
CVE-2006-4424
CVE-2006-4424 is a PHP remote file inclusion vulnerability in phpCOIN 1.2.3. The flaw lies in coin_includes/constants.php where user-supplied _CCFG[_PKG_PATH_INCL] can cause the application to include arbitrary PHP code, enabling an attacker to execute code on the server. Affected component/issue...
CVE-2005-4212
CVE-2005-4212 affects phpCOIN 1.2.2. A directory traversal vulnerability in coin_includes/db.php permits remote attackers to read arbitrary local files by supplying ".." sequences in the $_CCFG[_PKG_PATH_DBSE] variable. This is a server-side path traversal in the PHP include logic, enabling expos...
CVE-2006-4425
CVE-2006-4425 affects the phpCOIN 1.2.3 package. Multiple remote file inclusion weaknesses allow an unauthenticated, remote attacker to cause code execution by manipulating the _CCFG[_PKG_PATH_INCL] parameter in seven coin_includes scripts (api.php, common.php, core.php, custom.php, db.php, redir...
CVE-2005-4213
CVE-2005-4213 describes a SQL injection in mod.php of phpCOIN 1.2.2 exploitable via the phpcoinsessid cookie, allowing remote attackers to execute SQL commands. This affects phpCOIN 1.2.2 prior to any fixes; remediation is not detailed in the provided documents, but related Nessus entries reference a 1.2.2 fix releas...
CVE-2006-1428
CVE-2006-1428 affects phpCOIN 1.2.2 and earlier. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML through the fs parameter to either mod.php or mod_print.php. The available documents do not provide explo...
CVE-2005-1384
CVE-2005-1384: The phpCOIN project – version 1.2.2 or older – is affected by multiple SQL injection vulnerabilities. The issues arise from improper sanitization of user-supplied input and affect the following entry points/parameters: (1) search in index.php, (2) phpcoinsessid in login.php, (3) i...
CVE-2005-0946
CVE-2005-0946 affects phpCOIN 1.2.1b and earlier, with SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. Affected input surfaces include the term/keywords field on search, username or e-mail on forgot password, and domain name on the new package ordering...
CVE-2005-0670
The provided threat data centers on phpCOIN versions 1.2.0 through 1.2.1b, which are reported to contain multiple input-validation flaws. The CVE-2005-0670 entry describes cross-site scripting (XSS) vulnerabilities allowing arbitrary script/HTML injection via specific parameters to mod.php and lo...
CVE-2005-0947
Vulnerability summary (CVE-2005-0947): The phpCOIN product (versions 1.2.1b and earlier) contains a directory traversal flaw in the auxiliary script auxpage.php. An attacker can supply a path in the page parameter that includes “..” to read or potentially execute arbitrary files on the server. T...
CVE-2005-0669
CVE-2005-0669 concerns multiple SQL injection flaws in phpCOIN 1.2.0–1.2.1b (PHP-based application). The vulnerabilities affect mod.php across several modules: faq (faq_id), pages (id), siteinfo (id), articles (topic_id), orders (ord_id), domains (dom_id), and invoices (invd_id). The underlying i...
CVE-2005-0932
CVE-2005-0932 describes multiple SQL injection flaws in phpCOIN 1.2.1b and earlier, exploitable via the search engine, forgotten-password username/email fields, or the domain name in package orders. The underlying issue is unsafe SQL construction in these modules, enabling remote attackers to exe...
CVE-2005-0933
CVE-2005-0933 describes a directory traversal vulnerability in the phpCOIN application (auxpage.php) affecting phpCOIN versions ≤ 1.2.1b. Remote attackers can read arbitrary files by manipulating the page parameter. This is validated across sources: the NVD entry notes a directory traversal issue...
CVE-2006-2422
CVE-2006-2422 affects phpCOIN 1.2.3 and earlier. The flaw allows remote authenticated users to read other users’ messages by adding the sender’s e‑mail address as an “additional contact,” indicating a partial confidentiality impact. The NVD entry notes network attack vector with low complexity an...