Phpcoin@1.2.2 Security Vulnerabilities and Issues — Phpcoin@1.2.2 CVE List

Lucene search

Coinsoft TechnologiesPhpcoin1.2.2

6 matches found

CVE•added 2005/12/14 11:3 a.m.•316 views

CVE-2005-4214

phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined.

5CVSS6.9AI score0.01041EPSS

CVE•added 2005/12/14 11:3 a.m.•236 views

CVE-2005-4211

PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable.

7.5CVSS7.5AI score0.05972EPSS

CVE•added 2005/12/14 11:3 a.m.•113 views

CVE-2005-4212

Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable.

5CVSS6.6AI score0.05605EPSS

CVE•added 2005/12/14 11:3 a.m.•74 views

CVE-2005-4213

SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie.

7.5CVSS8.4AI score0.01602EPSS

CVE•added 2006/03/28 8:2 p.m.•40 views

CVE-2006-1428

Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php.

4.3CVSS5.8AI score0.00943EPSS

CVE•added 2006/05/17 10:6 a.m.•31 views

CVE-2006-2422

phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact".

5CVSS6.2AI score0.00483EPSS