Multiple Remote Input-Validation Vulnerabilities

vendor:

phpCOIN

by:

SecurityFocus

8.8

CVSS

HIGH

Multiple Remote Input-Validation Vulnerabilities

20, 79

CWE

Product Name: phpCOIN

Affected Version From: phpCOIN 1.2.0

Affected Version To: phpCOIN 1.2.2

Patch Exists: YES

Related CWE: N/A

CPE: a:phpcoin:phpcoin

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Multiple Remote Input-Validation Vulnerabilities

Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality. An attacker may leverage these issues to manipulate and view arbitrary database contents (by exploiting various SQL-injection issues) and to run arbitrary script code in the browser of an unsuspecting user (by exploiting multiple cross-site scripting vulnerabilities).

Mitigation:

Input validation should be used to ensure that untrusted data is not used to execute unintended commands.

Source

Multiple Remote Input-Validation Vulnerabilities

Mitigation:

Exploit-DB raw data: