phpCOIN "My Account" Email Address Handling Message Disclosure Vulnerability
Title : phpCOIN "My Account" Email Address Handling Message Disclosure Vulnerability
VUPEN ID : VUPEN/ADV-2006-1788
CVE ID : CVE-2006-2422
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-05-12
Technical Description
A vulnerability has been identified in phpCOIN that could be exploited by attackers to bypass security restrictions and gain knowledge of sensitive information. The flaw is due to an error in the "My Account" page, which does not properly verify the email addresses associated with a user before displaying the list of messages sent to or from an email address. Attackers could exploit this to gain unauthorized access to other users' messages.
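The class of flaw described above, shown as an added illustration that is not phpCOIN's code: a message listing keyed only on a supplied email address, next to a version that first checks the address against the addresses registered to the logged-in account. All function names, the account-to-email mapping and the sample messages are hypothetical and constructed for this example.

```php
<?php
// Constructed sample data; not phpCOIN's schema.
$USER_EMAILS = [
    1 => ['alice@example.test'],
    2 => ['bob@example.test', 'bob.billing@example.test'],
];
$MESSAGES = [
    ['from' => 'support@example.test', 'to' => 'alice@example.test', 'subject' => 'Invoice 1001'],
    ['from' => 'bob@example.test', 'to' => 'support@example.test', 'subject' => 'Password reset'],
    ['from' => 'support@example.test', 'to' => 'bob.billing@example.test', 'subject' => 'Invoice 1002'],
];

function normalize_email(string $email): string
{
    return strtolower(trim($email));
}

// Flawed pattern: the address from the request selects the messages,
// and nothing ties it to the logged-in account.
function list_messages_unchecked(array $messages, string $requestedEmail): array
{
    $wanted = normalize_email($requestedEmail);
    return array_values(array_filter($messages, function (array $m) use ($wanted): bool {
        return normalize_email($m['from']) === $wanted || normalize_email($m['to']) === $wanted;
    }));
}

// Hardened pattern: the address must be one registered to the session user,
// otherwise the request is refused before any message is read.
function list_messages_checked(array $messages, array $userEmails, int $sessionUserId, string $requestedEmail): array
{
    $wanted = normalize_email($requestedEmail);
    $owned = array_map('normalize_email', $userEmails[$sessionUserId] ?? []);
    if (!in_array($wanted, $owned, true)) {
        throw new RuntimeException('email address is not associated with this account');
    }
    return list_messages_unchecked($messages, $wanted);
}

// Session user 1 asks for a mailbox that belongs to user 2.
$leaked = list_messages_unchecked($MESSAGES, 'bob@example.test');
echo count($leaked), " message(s) returned without an ownership check\n";
try {
    list_messages_checked($MESSAGES, $USER_EMAILS, 1, 'bob@example.test');
} catch (RuntimeException $e) {
    echo "refused: ", $e->getMessage(), "\n";
}
echo count(list_messages_checked($MESSAGES, $USER_EMAILS, 1, 'alice@example.test')), " message(s) for own address\n";
```

The ownership set is taken from the server-side session identity, never from the request, and the comparison is done on normalized addresses so case or whitespace variants cannot slip past the check.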