CVE-2006-2422

Name of the Vulnerable Software and Affected Versions phpCOIN versions 1.2.3 and earlier

Description The issue allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact". This occurs because phpCOIN stores messages based upon e-mail addresses.

Recommendations For phpCOIN versions 1.2.3 and earlier, consider restricting access to the message storage functionality to prevent unauthorized users from reading messages intended for others. As a temporary workaround, avoid using the "additional contact" feature until a patch is available.