PT-2005-1971 · Phpcoin · Phpcoin

James Bercegay

Published

2005-03-29

Updated

2016-10-18

CVE-2005-0946

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phpCoin versions 1.2.1b and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several fields, including the term/keywords field on the search page, the username or e-mail field on the forgot password page, or the domain name on the ordering new package page.

Recommendations For phpCoin versions 1.2.1b and earlier, consider restricting access to the search page, forgot password page, and ordering new package page until a fix is available. As a temporary workaround, avoid using the term/keywords, username, e-mail, and domain name fields in the respective pages.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0946

Affected Products

Phpcoin

PT-2005-1971 · Phpcoin · Phpcoin

CVE-2005-0946

Related Identifiers

Affected Products

References · 4