Vulnerability Details CVE-2005-4214
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://forums.phpcoin.com/index.php?showtopic=5469
- http://rgod.altervista.org/phpcoin122.html
- http://rgod.altervista.org/phpcoin_122_sql_xpl.html
- http://secunia.com/advisories/18030
- http://securitytracker.com/id?1015345
- http://www.osvdb.org/21726
- http://www.securityfocus.com/archive/1/419382/100/0/threaded
- http://www.vupen.com/english/advisories/2005/2888
- http://forums.phpcoin.com/index.php?showtopic=5469
- http://rgod.altervista.org/phpcoin122.html
- http://rgod.altervista.org/phpcoin_122_sql_xpl.html
- http://secunia.com/advisories/18030
- http://securitytracker.com/id?1015345
- http://www.osvdb.org/21726
- http://www.securityfocus.com/archive/1/419382/100/0/threaded
- http://www.vupen.com/english/advisories/2005/2888
Products affected by CVE-2005-4214
-
cpe:2.3:a:coinsoft_technologies:phpcoin:1.2.2