phpCOIN Email Address Information Disclosure Vulnerability
BID:17959
CVE-2006-2422 |Info
phpCOIN Email Address Information Disclosure Vulnerability
| Bugtraq ID: | 17959 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 12 2006 12:00AM |
| Updated: | Dec 22 2006 12:02AM |
| Credit: | captainpovey is credited with the discovery of this vulnerability. |
| Vulnerable: |
phpCOIN phpCOIN 1.2.2 phpCOIN phpCOIN 1.2.1 b phpCOIN phpCOIN 1.2.1 phpCOIN phpCOIN 1.2 |
| Not Vulnerable: | |
Discussion
phpCOIN Email Address Information Disclosure Vulnerability
phpCOIN is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly validate user-supplied input.
An attacker can exploit this issue to retrieve the contents of arbitrary messages.
phpCOIN is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly validate user-supplied input.
An attacker can exploit this issue to retrieve the contents of arbitrary messages.
Exploit / POC
phpCOIN Email Address Information Disclosure Vulnerability
To exploit this issue, an attacker must acquire the email addresses used to send messages to users of the application.
To exploit this issue, an attacker must acquire the email addresses used to send messages to users of the application.
Solution / Fix
phpCOIN Email Address Information Disclosure Vulnerability
Solution:
The vendor has addressed this issue in the latest CVS release. Contact the vendor for details on obtaining the appropriate updates.
Solution:
The vendor has addressed this issue in the latest CVS release. Contact the vendor for details on obtaining the appropriate updates.
References
phpCOIN Email Address Information Disclosure Vulnerability
References:
References:
- phpCOIN Forum (phpCOIN)
- phpCOIN Home Page (phpCOIN)