Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and previous versions allow remote malicious users to execute arbitrary SQL commands (1) via the search engine, (2) the username or email fields in the "forgotten password" feature, or (3) the domain name in a package order.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
coinsoft technologies phpcoin 1.2 |
||
coinsoft technologies phpcoin 1.2.1b |
||
coinsoft technologies phpcoin 1.2.1 |