Title: phpCOIN Email Address Information Disclosure Vulnerability
Severity: MODERATE
Description:
phpCOIN is an application for client, order, and helpdesk management; it is implemented in PHP.
phpCOIN is prone to an information-disclosure vulnerability. The issue stems from the application's failure to properly validate user-supplied input.
By design, the application references stored messages by the email address of the sender. However, when a user adds or changes their email address, the application does not check whether the supplied address already references other messages. Once the address is added, any messages it currently references are disclosed to that user.
An attacker can exploit this issue to retrieve the contents of arbitrary messages.
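The missing check described above, shown as an added example that is not phpCOIN source code. It is a constructed in-memory model; the function names, the array layout and the sample addresses are assumptions made for illustration.

```php
<?php
// Constructed model, not phpCOIN code: messages are keyed by sender email.
function normalize_email(string $email): string
{
    return strtolower(trim($email)); // compare case-insensitively, no stray whitespace
}

// An account sees whatever messages are stored under its email address.
function visible_messages(array $messages, string $email): array
{
    return $messages[normalize_email($email)] ?? [];
}

// Behaviour the advisory describes: the new address is accepted without a check.
function change_email_unchecked(array &$accounts, int $id, string $new): void
{
    $accounts[$id] = normalize_email($new);
}

// With the check: refuse an address that another account uses or that
// already references stored messages.
function change_email_checked(array &$accounts, array $messages, int $id, string $new): bool
{
    $new = normalize_email($new);
    if (filter_var($new, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    foreach ($accounts as $otherId => $email) {
        if ($otherId !== $id && $email === $new) {
            return false;
        }
    }
    if (!empty($messages[$new]) && ($accounts[$id] ?? null) !== $new) {
        return false; // address is already tied to messages from another sender
    }
    $accounts[$id] = $new;
    return true;
}

// Constructed sample data.
$messages = ['alice@example.com' => ['Helpdesk ticket: invoice query']];
$accounts = [1 => 'alice@example.com', 2 => 'bob@example.com'];
$unsafe = $accounts;
change_email_unchecked($unsafe, 2, 'Alice@Example.com');
var_dump(count(visible_messages($messages, $unsafe[2]))); // messages account 2 can read
$ok = change_email_checked($accounts, $messages, 2, ' Alice@Example.com ');
var_dump($ok, visible_messages($messages, $accounts[2]));
```

Keying stored messages by an account identifier rather than by a user-editable email address removes the need for this check altogether.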
Affected Products:
- phpCOIN phpCOIN 1.2.0
- phpCOIN phpCOIN 1.2.1
- phpCOIN phpCOIN 1.2.1 b
- phpCOIN phpCOIN 1.2.2