CVE-2005-0946

Name of the Vulnerable Software and Affected Versions phpCoin versions 1.2.1b and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several fields, including the term/keywords field on the search page, the username or e-mail field on the forgot password page, or the domain name on the ordering new package page.

Recommendations For phpCoin versions 1.2.1b and earlier, consider restricting access to the search page, forgot password page, and ordering new package page until a fix is available. As a temporary workaround, avoid using the term/keywords, username, e-mail, and domain name fields in the respective pages.