CVE-2005-1384

Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.

Published: May 3, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-1384
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
coinsoft_technologies / phpcoin	1.2.1	1.2.1.x
coinsoft_technologies / phpcoin	1.2.1b	1.2.1b.x
coinsoft_technologies / phpcoin	1.2	1.2.x

http://digitalparadox.org/viewadvisories.ah?view=36
http://marc.info/?l=bugtraq&m=111473522804665&w=2
http://pridels0.blogspot.com/2006/03/phpcoin-poc.html
http://securitytracker.com/id?1013834
http://www.securityfocus.com/bid/13433
http://www.vupen.com/english/advisories/2005/0423
https://exchange.xforce.ibmcloud.com/vulnerabilities/20308

Vulnerability Database

290,020

CVE-2005-1384