QwikSec

Security Database

CVE

CWE

Training

CVE-2005-0669

Published: Mar 7, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

http://forums.phpcoin.com/index.php?showtopic=4118

x_refsource_CONFIRM

http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html

x_refsource_MISC

phpcoin-id-sql-injection(19571)

vdb-entry

x_refsource_XF

http://forums.phpcoin.com/index.php?showtopic=4101

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

http://forums.phpcoin.com/index.php?showtopic=4116

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.