Vulnerabilities > CVE-2006-2422 - Information Disclosure vulnerability in phpCOIN Email Address
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact". Apply patch : http://forums.phpcoin.com/index.php?showtopic=5941
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |