Published: 10/11/2006 Updated: 17/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 740

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Subscribe to Aiocp

Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
aiocp aiocp 1.3.003
aiocp aiocp 1.3.004
aiocp aiocp 1.3.005
aiocp aiocp 1.3.006
aiocp aiocp 1.3.001
aiocp aiocp 1.3.002
aiocp aiocp 1.3.000
aiocp aiocp

source: wwwsecurityfocuscom/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive data, ...

source: wwwsecurityfocuscom/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or mod ...

source: wwwsecurityfocuscom/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify se ...

source: wwwsecurityfocuscom/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive ...

source: wwwsecurityfocuscom/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive data ...

source: wwwsecurityfocuscom/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify ...

source: wwwsecurityfocuscom/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sens ...

source: wwwsecurityfocuscom/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive da ...

source: wwwsecurityfocuscom/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensit ...

source: wwwsecurityfocuscom/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitiv ...

source: wwwsecurityfocuscom/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive da ...

source: wwwsecurityfocuscom/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modif ...

CWE-89 http://www.securityfocus.com/bid/20931 http://secunia.com/advisories/22719 http://sourceforge.net/project/shownotes.php?release_id=478370 http://securityreason.com/securityalert/1839 http://www.vupen.com/english/advisories/2006/4378 https://exchange.xforce.ibmcloud.com/vulnerabilities/30051 http://www.securityfocus.com/archive/1/450701/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/28923/

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook