CVE-2008-4782 – AIOCP 1.4 - 'poll_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4782
29 Oct 2008 — SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. • https://www.exploit-db.com/exploits/6854 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-3120
https://notcve.org/view.php?id=CVE-2007-3120
07 Jun 2007 — Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information. • http://osvdb.org/35533
CVE-2007-2624
https://notcve.org/view.php?id=CVE-2007-2624
11 May 2007 — Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information. • http://osvdb.org/35534
CVE-2007-2625
https://notcve.org/view.php?id=CVE-2007-2625
11 May 2007 — Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party information. • http://osvdb.org/35535
CVE-2006-5829 – AIOCP 1.3.x - 'cp_codice_fiscale.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5829
10 Nov 2006 — Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newslet... • https://www.exploit-db.com/exploits/28933 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-5832 – AIOCP 1.3.x - 'cp_show_ec_products.php' Full Path Disclosure
https://notcve.org/view.php?id=CVE-2006-5832
10 Nov 2006 — All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages. • https://www.exploit-db.com/exploits/28936
CVE-2006-5830 – AIOCP 1.3.x - 'cp_dpage.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5830
10 Nov 2006 — Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profile. • https://www.exploit-db.com/exploits/28918
CVE-2006-5831 – AIOCP 1.3.x - 'load_page' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-5831
10 Nov 2006 — PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter. • https://www.exploit-db.com/exploits/28922