CVE-2005-4212

Name of the Vulnerable Software and Affected Versions phpCOIN version 1.2.2

Description The issue allows remote attackers to read arbitrary local files due to a directory traversal vulnerability. This is achieved by using ".." (dot dot) sequences in the $ CCFG[ PKG PATH DBSE] variable in the coin includes/db.php file.

Recommendations For phpCOIN version 1.2.2, consider restricting access to the coin includes/db.php file or validating and sanitizing the $ CCFG[ PKG PATH DBSE] variable to prevent directory traversal attacks. As a temporary workaround, restrict the use of the $ CCFG[ PKG PATH DBSE] variable until a patch is available.