CVE-2006-2422 - Information Disclosure vulnerability in phpCOIN Email Address

CVSS 5.0 - MEDIUM

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
coinsoft-technologies

Summary

phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact". Apply patch: http://forums.phpcoin.com/index.php?showtopic=5941