Coinsoft Technologies

Phpcoin

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.1

CVE-2006-4424

Exploit
  • EPSS 8%
  • Veröffentlicht 29.08.2006 00:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter.

5.1

CVE-2006-4425

Exploit
  • EPSS 5.14%
  • Veröffentlicht 29.08.2006 00:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom....

5

CVE-2006-2422

  • EPSS 0.48%
  • Veröffentlicht 17.05.2006 10:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact".

4.3

CVE-2006-1428

  • EPSS 0.94%
  • Veröffentlicht 28.03.2006 20:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php.

7.5

CVE-2005-4211

Exploit
  • EPSS 7.35%
  • Veröffentlicht 14.12.2005 11:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable.

5

CVE-2005-4212

Exploit
  • EPSS 6.91%
  • Veröffentlicht 14.12.2005 11:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable.

7.5

CVE-2005-4213

Exploit
  • EPSS 2%
  • Veröffentlicht 14.12.2005 11:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie.

5

CVE-2005-4214

Exploit
  • EPSS 1.04%
  • Veröffentlicht 14.12.2005 11:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined.

7.5

CVE-2005-1384

Exploit
  • EPSS 2.45%
  • Veröffentlicht 03.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.

7.5

CVE-2005-0669

Exploit
  • EPSS 1.23%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the site...