Vulnerabilities > Coinsoft Technologies > Phpcoin > 1.2.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-17 | CVE-2006-2422 | Information Disclosure vulnerability in phpCOIN Email Address phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact". | 5.0 |
2006-03-28 | CVE-2006-1428 | Cross-Site Scripting vulnerability in phpCOIN Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php. network coinsoft-technologies | 4.3 |
2005-12-21 | CVE-2005-4447 | SQL-Injection vulnerability in phpCOIN SQL injection vulnerability in articles\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in limited circumstances via the rec_next parameter. | 7.5 |
2005-12-14 | CVE-2005-4214 | Information Exposure vulnerability in Coinsoft Technologies PHPcoin 1.2.2 phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined. | 5.0 |
2005-12-14 | CVE-2005-4213 | SQL Injection vulnerability in Coinsoft Technologies PHPcoin 1.2.2 SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie. | 7.5 |
2005-12-14 | CVE-2005-4212 | Unspecified vulnerability in Coinsoft Technologies PHPcoin 1.2.2 Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable. | 5.0 |
2005-12-14 | CVE-2005-4211 | Unspecified vulnerability in Coinsoft Technologies PHPcoin 1.2.2 PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable. | 7.5 |