Vulnerability Scanning Solutions, LLC.
Family: CGI abuses --> Category: attack

Multiple Vulnerabilities in phpCOIN 1.2.1b and older Vulnerability Scan

Vulnerability Scan Summary
Detects multiple vulnerabilities in phpCOIN 1.2.1b and older

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application affected by several

Description :

The remote host is running phpCOIN version 1.2.1b or older. These
versions suffer from several vulnerabilities, among them :

- A Local File Include Vulnerability
An attacker can execute arbitrary code in the context of the
web server user by passing the name of a script or file through
the 'page' parameter of the 'auxpage.php' script.

- Multiple SQL injection vulnerabilities.
By calling the 'faq' module with a specially crafted
'faq_id' parameter or the 'pages' or 'site' modules with a
specially crafted 'id' parameter, a remote attacker may be
able to manipulate SQL queries used by the program, thereby
revealing sensitive information or even corrupting the

- Multiple cross-site scripting vulnerabilities.
A remote attacker may be able to inject arbitrary code
into the 'helpdesk' and 'mail' modules as well as the
'login.php' script by appending it to a valid request.
Successful exploitation may allow an attacker to steal
authentication cookies or misrepresent site content.

Solution :

Apply the 2005-03-14 fix file or later for phpCOIN v1.2.2.

Threat Level:

Medium / CVSS Base Score : 6
