Phpcoin@1.2.1 Security Vulnerabilities and Issues — Phpcoin@1.2.1 CVE List

Lucene search

Coinsoft TechnologiesPhpcoin1.2.1

9 matches found

CVE•added 2005/05/03 4:0 a.m.•44 views

CVE-2005-1384

Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.

7.5CVSS8.5AI score0.01376EPSS

CVE•added 2005/04/03 5:0 a.m.•41 views

CVE-2005-0946

SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page.

7.5CVSS8.5AI score0.00487EPSS

CVE•added 2005/05/02 4:0 a.m.•40 views

CVE-2005-0670

Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other script...

4.3CVSS5.9AI score0.01114EPSS

CVE•added 2006/03/28 8:2 p.m.•40 views

CVE-2006-1428

Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php.

4.3CVSS5.8AI score0.00943EPSS

CVE•added 2005/05/02 4:0 a.m.•39 views

CVE-2005-0947

Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the page parameter.

7.5CVSS7.2AI score0.00493EPSS

CVE•added 2005/05/02 4:0 a.m.•37 views

CVE-2005-0932

Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands (1) via the search engine, (2) the username or email fields in the "forgotten password" feature, or (3) the domain name in a package order.

7.5CVSS8.5AI score0.00518EPSS

CVE•added 2005/05/02 4:0 a.m.•36 views

CVE-2005-0669

Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the ar...

7.5CVSS8.6AI score0.01233EPSS

CVE•added 2005/05/02 4:0 a.m.•36 views

CVE-2005-0933

Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter.

5CVSS6.8AI score0.00248EPSS

CVE•added 2006/05/17 10:6 a.m.•31 views

CVE-2006-2422

phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact".

5CVSS6.2AI score0.00483EPSS