Network Security News – Saturday, April 02, 2005 Events
phpCOIN Search Engine SQL Injection
phpCOIN contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that user-supplied input in the 'Search For' field is not verified properly, which allows a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/15160
phpCOIN auxpage.php Traversal Arbitrary File Access
phpCOIN contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'auxpage.php' script not properly sanitizing user input, specifically traversal-style sequences (../../) supplied via the 'page' variable. Read more at osvdb.org/15163
phpCOIN Forgotten Password Request SQL Injection
phpCOIN contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that user-supplied input in the 'username' and 'email' fields when requesting a forgotten password is not verified properly, which allows a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/15162
phpCOIN Product Order SQL Injection
phpCOIN contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that user-supplied input in the 'Domain Name' field when ordering a product is not verified properly, which allows a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/15161