| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2005-4214 | 5.0 |
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined.
|
19-10-2018 - 15:40 | 14-12-2005 - 11:03 | |
| CVE-2005-4213 | 7.5 |
SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie.
|
19-10-2018 - 15:40 | 14-12-2005 - 11:03 | |
| CVE-2005-4212 | 5.0 |
Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable.
|
19-10-2018 - 15:40 | 14-12-2005 - 11:03 | |
| CVE-2005-4211 | 7.5 |
PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable.
|
19-10-2018 - 15:40 | 14-12-2005 - 11:03 |