CVE-2006-4425 Information

Description

Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php (2) common.php (3) core.php (4) custom.php (5) db.php (6) redirect.php or (7) session_set.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Reference

http://secunia.com/advisories/21624 http://www.osvdb.org/28219 http://www.osvdb.org/28220 http://www.osvdb.org/28221 http://www.osvdb.org/28222 http://www.osvdb.org/28223 http://www.osvdb.org/28224 http://www.osvdb.org/28225 http://www.vupen.com/english/advisories/2006/3385 https://exchange.xforce.ibmcloud.com/vulnerabilities/28572