CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2009-4747 – AIOCP 1.4.001 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-4747
PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220. Vulnerabilidad de inclusión remota de archivo PHP en public/code/cp_html2xhtmlbasic.php en All In One Control Panel (AIOCP) v1.4.001, permite a atacantes remotos ejecutar código PHP de su elección a través de la URL en el parámetro "page", es un vector distinto a CVE-2009-3220. • https://www.exploit-db.com/exploits/10057 http://www.securityfocus.com/archive/1/507030/100/0/threaded http://www.securityfocus.com/bid/36609 https://exchange.xforce.ibmcloud.com/vulnerabilities/53679 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2009-3220 – AIOCP 1.4 - 'cp_html2txt.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-3220
PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. Vulnerabilidad de inclusión remota de archivo PHP en All In One Control Panel (AIOCP) v1.4.001 permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro page. • https://www.exploit-db.com/exploits/33111 http://www.securityfocus.com/archive/1/505250/100/0/threaded http://www.securityfocus.com/bid/35811 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2008-4782 – AIOCP 1.4 - 'poll_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4782
SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. Vulnerabilidad de inyección de SQL en public/code/cp_polls_results.php en All In One Control Panel (AIOCP) 1.4 permite a un atacante remoto ejecutar código SQL de su elección por medio del parámetro poll_id. • https://www.exploit-db.com/exploits/6854 https://www.exploit-db.com/exploits/32537 http://secunia.com/advisories/32431 http://securityreason.com/securityalert/4518 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •