CVE-2005-4214

Name of the Vulnerable Software and Affected Versions phpCOIN version 1.2.2

Description The issue allows remote attackers to obtain the installation path via a direct request to "config.php". This occurs because the CCFG[' PKG PATH DBSE'] variable is not defined, resulting in the path being leaked in an error message.

Recommendations For phpCOIN version 1.2.2, consider defining the CCFG[' PKG PATH DBSE'] variable to prevent the installation path from being leaked in error messages. As a temporary workaround, restrict access to the "config.php" file to minimize the risk of exploitation.