ID CVE-2005-1384
Summary Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.
References
Vulnerable Configurations
  • cpe:2.3:a:coinsoft_technologies:phpcoin:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:coinsoft_technologies:phpcoin:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:coinsoft_technologies:phpcoin:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:coinsoft_technologies:phpcoin:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:coinsoft_technologies:phpcoin:1.2.1b:*:*:*:*:*:*:*
    cpe:2.3:a:coinsoft_technologies:phpcoin:1.2.1b:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 13433
bugtraq 20050428 Multiple Sql injections in phpCoin v1.2.2 and below
misc
sectrack 1013834
vupen ADV-2005-0423
xf phpcoin-multiple-sql-injection(20308)
Last major update 11-07-2017 - 01:32
Published 03-05-2005 - 04:00
Last modified 11-07-2017 - 01:32
Back to Top