CVE-2005-0669

Name of the Vulnerable Software and Affected Versions phpCOIN versions 1.2.0 through 1.2.1b

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters in different modules, including faq id in the faq mod, id in the pages mod, id in the siteinfo module, topic id in the articles module, ord id in the orders module, dom id in the domains module, or invd id in the invoices module.

Recommendations For phpCOIN versions 1.2.0 through 1.2.1b, consider restricting access to the mod.php file until a patch is available. As a temporary workaround, avoid using the vulnerable parameters faq id, id, topic id, ord id, dom id, and invd id in their respective modules. At the moment, there is no information about a newer version that contains a fix for this issue.