Mlk

**Name of the Vulnerable Software and Affected Versions** phpCOIN version 1.2.1 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the mod.php file. This is achieved by using a .. (dot dot) in the `mod` parameter. **Recommendations** For phpCOIN version 1.2.1, consider restricting access to the mod.php file until a patch is available. As a temporary workaround, avoid using the `mod` parameter with unvalidated input to minimize the risk of exploitation.