CVE-2005-1384
published 2005-05-03CVE-2005-1384: Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2)…
PriorityP338high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.73%
84.3th percentile
Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coinsoft_technologies | phpcoin | — | — |
| coinsoft_technologies | phpcoin | — | — |
| coinsoft_technologies | phpcoin | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
phpCOIN 1.2 - 'login.php?PHPcoinsessid' SQL Injection
exploitdb·2005-04-28
CVE-2005-1384 phpCOIN 1.2 - 'login.php?PHPcoinsessid' SQL Injection
phpCOIN 1.2 - 'login.php?PHPcoinsessid' SQL Injection
---
source: https://www.securityfocus.com/bid/13433/info
PHPCoin is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/login.php?w=user&o=login&phpcoinsessid=SQL_INJECTION'
Exploit-DB
phpCOIN 1.2 Pages Module - Multiple SQL Injections
exploitdb·2005-04-28
CVE-2005-1384 phpCOIN 1.2 Pages Module - Multiple SQL Injections
phpCOIN 1.2 Pages Module - Multiple SQL Injections
---
source: https://www.securityfocus.com/bid/13433/info
PHPCoin is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/mod.php?mod=pages&mode=list&dtopic_id=SQL_INJECTION'&phpcoinsessid=fa7905a749dbdc698838930de0f99f4b
http://www.example.com/mod.php?mod=pages&mode=list&dcat_id=SQL_INJECTION'&phpcoinsessid=fa7905a749dbdc698838930de0f99f4b
No writeups or analysis indexed.
http://digitalparadox.org/viewadvisories.ah?view=36http://marc.info/?l=bugtraq&m=111473522804665&w=2http://pridels0.blogspot.com/2006/03/phpcoin-poc.htmlhttp://securitytracker.com/id?1013834http://www.securityfocus.com/bid/13433http://www.vupen.com/english/advisories/2005/0423https://exchange.xforce.ibmcloud.com/vulnerabilities/20308http://digitalparadox.org/viewadvisories.ah?view=36http://marc.info/?l=bugtraq&m=111473522804665&w=2http://pridels0.blogspot.com/2006/03/phpcoin-poc.htmlhttp://securitytracker.com/id?1013834http://www.securityfocus.com/bid/13433http://www.vupen.com/english/advisories/2005/0423https://exchange.xforce.ibmcloud.com/vulnerabilities/20308
2005-05-03
Published