CVE-2006-4425

Name of the Vulnerable Software and Affected Versions phpCOIN version 1.2.3

Description The issue allows remote attackers to execute arbitrary PHP code via the CCFG[ PKG PATH INCL] parameter in various coin includes scripts, including "api.php", "common.php", "core.php", "custom.php", "db.php", "redirect.php", and "session set.php".

Recommendations For phpCOIN version 1.2.3, consider restricting access to the vulnerable scripts, including "api.php", "common.php", "core.php", "custom.php", "db.php", "redirect.php", and "session set.php", to minimize the risk of exploitation. Avoid using the CCFG[ PKG PATH INCL] parameter in these scripts until the issue is resolved.