| VID |
21797 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The phpCOIN software is vulnerable to multiple vulnerabilities which exist in version 1.2.2. phpCOIN is a free software package originally designed for web-hosting resellers to handle clients, orders, invoices, notes and helpdesk. phpCOIN version 1.2.2 is vulnerable to two vulnerabilities, which can be exploited by a remote attacker to conduct SQL injection attacks and compromise a vulnerable system below:
1) Input passed to the "_CCFG[_PKG_PATH_DBSE]" parameter in "config.php" isn't properly verified, before it is used to include files. If the register_globals setting is enabled, a remote, unauthenticated attacker can exploit this vulnerability to retrieve arbitrary files and to execute arbitrary PHP code on the vulnerable system with privileges of the Web server process.
2) Input passed to the "phpcoinsessid" cookie parameter isn't properly sanitized before being used in a SQL query. If the magic_quotes_gpc setting is disabled, this can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
* References:
http://forums.phpcoin.com/index.php?showtopic=5469
http://rgod.altervista.org/phpcoin122.html
http://rgod.altervista.org/phpcoin_122_sql_xpl.html
http://secunia.com/advisories/18030
http://securitytracker.com/id?1015345
http://www.frsirt.com/english/advisories/2005/2888
http://www.securityfocus.com/archive/1/archive/1/419382/100/0/threaded
* Platforms Affected:
phpCOIN version 1.2.2
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of phpCOIN (1.2.2 with the 2005-12-13 fix-file or later), available from the phpCOIN Download Web site at http://www.phpcoin.com/auxpage.php?page=download |
| Related URL |
CVE-2005-4211,CVE-2005-4212,CVE-2005-4213 (CVE) |
| Related URL |
15830,15831 (SecurityFocus) |
| Related URL |
(ISS) |
|
