PT-2005-4902 · Phpcoin · Phpcoin
Published: 2005-12-14 · Updated: 2018-10-19 · CVE-2005-4214
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
phpCOIN version 1.2.2
Description
The issue allows remote attackers to obtain the installation path via a direct request to "config.php". This occurs because the _CCFG['_PKG_PATH_DBSE'] variable is not defined, resulting in the path being leaked in an error message.
Recommendations
For phpCOIN version 1.2.2, consider defining the _CCFG['_PKG_PATH_DBSE'] variable to prevent the installation path from being leaked in error messages. As a temporary workaround, restrict access to the "config.php" file to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Phpcoin