{"api_version":"1","generated_at":"2026-05-11T16:44:01+00:00","cve":"CVE-2005-1384","urls":{"html":"https://cve.report/CVE-2005-1384","api":"https://cve.report/api/cve/CVE-2005-1384.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-1384","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-1384"},"summary":{"title":"CVE-2005-1384","description":"Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.","state":"PUBLISHED","assigner":"mitre","published_at":"2005-05-03 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://pridels0.blogspot.com/2006/03/phpcoin-poc.html","name":"http://pridels0.blogspot.com/2006/03/phpcoin-poc.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"- UNSECURED SYSTEMS -: phpcoin p.o.c.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/13433","name":"http://www.securityfocus.com/bid/13433","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"PHPCoin Multiple SQL Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/20308","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/20308","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2005/0423","name":"http://www.vupen.com/english/advisories/2005/0423","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://digitalparadox.org/viewadvisories.ah?view=36","name":"http://digitalparadox.org/viewadvisories.ah?view=36","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://marc.info/?l=bugtraq&m=111473522804665&w=2","name":"http://marc.info/?l=bugtraq&m=111473522804665&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'Multiple Sql injections in phpCoin v1.2.2 and below' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1013834","name":"http://securitytracker.com/id?1013834","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - phpCOIN Input Validation Holes in 'login.php' and 'mod.php' Let Remote Users Inject SQL Commands","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-1384","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-1384","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"1384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"coinsoft_technologies","cpe5":"phpcoin","cpe6":"1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"1384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"coinsoft_technologies","cpe5":"phpcoin","cpe6":"1.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"1384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"coinsoft_technologies","cpe5":"phpcoin","cpe6":"1.2.1b","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T21:51:48.949Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"phpcoin-multiple-sql-injection(20308)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/20308"},{"name":"20050428 Multiple Sql injections in phpCoin v1.2.2 and below","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=111473522804665&w=2"},{"name":"1013834","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1013834"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://pridels0.blogspot.com/2006/03/phpcoin-poc.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://digitalparadox.org/viewadvisories.ah?view=36"},{"name":"13433","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/13433"},{"name":"ADV-2005-0423","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2005/0423"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2005-04-28T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"phpcoin-multiple-sql-injection(20308)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/20308"},{"name":"20050428 Multiple Sql injections in phpCoin v1.2.2 and below","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=111473522804665&w=2"},{"name":"1013834","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1013834"},{"tags":["x_refsource_MISC"],"url":"http://pridels0.blogspot.com/2006/03/phpcoin-poc.html"},{"tags":["x_refsource_MISC"],"url":"http://digitalparadox.org/viewadvisories.ah?view=36"},{"name":"13433","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/13433"},{"name":"ADV-2005-0423","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2005/0423"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2005-1384","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"phpcoin-multiple-sql-injection(20308)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/20308"},{"name":"20050428 Multiple Sql injections in phpCoin v1.2.2 and below","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=111473522804665&w=2"},{"name":"1013834","refsource":"SECTRACK","url":"http://securitytracker.com/id?1013834"},{"name":"http://pridels0.blogspot.com/2006/03/phpcoin-poc.html","refsource":"MISC","url":"http://pridels0.blogspot.com/2006/03/phpcoin-poc.html"},{"name":"http://digitalparadox.org/viewadvisories.ah?view=36","refsource":"MISC","url":"http://digitalparadox.org/viewadvisories.ah?view=36"},{"name":"13433","refsource":"BID","url":"http://www.securityfocus.com/bid/13433"},{"name":"ADV-2005-0423","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2005/0423"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2005-1384","datePublished":"2005-05-02T04:00:00.000Z","dateReserved":"2005-05-02T00:00:00.000Z","dateUpdated":"2024-08-07T21:51:48.949Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-05-03 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coinsoft_technologies:phpcoin:1.2:*:*:*:*:*:*:*","matchCriteriaId":"14FDCCE7-B76F-42EA-BD82-11D35AAED66E"},{"vulnerable":true,"criteria":"cpe:2.3:a:coinsoft_technologies:phpcoin:1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"C84AC0DD-109D-4E44-9673-668238545F05"},{"vulnerable":true,"criteria":"cpe:2.3:a:coinsoft_technologies:phpcoin:1.2.1b:*:*:*:*:*:*:*","matchCriteriaId":"8FECE4E8-3258-48E7-8F3A-F564512442CC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"1384","Ordinal":"1","Title":"CVE-2005-1384","CVE":"CVE-2005-1384","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"1384","Ordinal":"1","NoteData":"Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.","Type":"Description","Title":"CVE-2005-1384"},{"CveYear":"2005","CveId":"1384","Ordinal":"2","NoteData":"2005-05-02","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"1384","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}