CVE-2005-1384 Information

Description

Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php (2) phpcoinsessid parameter to login.php (3) id (4) dtopic_id or (5) dcat_id to mod.php.

Reference

http://digitalparadox.org/viewadvisories.ah?view=36 http://marc.info/?l=bugtraq&m=111473522804665&w=2 http://pridels0.blogspot.com/2006/03/phpcoin-poc.html http://securitytracker.com/id?1013834 http://www.securityfocus.com/bid/13433 http://www.vupen.com/english/advisories/2005/0423 https://exchange.xforce.ibmcloud.com/vulnerabilities/20308