Vulnerability Description
SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Coinsoft Technologies | Phpcoin | 1.2 |
References
- http://marc.info/?l=bugtraq&m=111214190111520&w=2
- http://www.gulftech.org/?node=research&article_id=00065-03292005
- http://www.securityfocus.com/bid/12917Patch
- http://marc.info/?l=bugtraq&m=111214190111520&w=2
- http://www.gulftech.org/?node=research&article_id=00065-03292005
- http://www.securityfocus.com/bid/12917Patch
FAQ
What is CVE-2005-0946?
CVE-2005-0946 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field...
How severe is CVE-2005-0946?
CVE-2005-0946 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0946?
Check the references section above for vendor advisories and patch information. Affected products include: Coinsoft Technologies Phpcoin.