CVE-2006-5832

AIOCP 1.3.x - 'cp_show_ec_products.php' Full Path Disclosure

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages.

All In One Control Panel (AIOCP) 1.3.007 y versiones anteriores permite a atacantes remotos obtener la ruta completa al servidor secuencias de comandos web o HTML de su elección mediante peticiones concretas a (1) public/code/cp_dpage.php, posiblemente involucrando al parámetro aiocp_dp[], (2) public/code/cp_show_ec_products.php, posiblemente involucrando al parámetro order_field[], y (3) public/code/cp_show_page_help.php, posiblemente involucrando al parámetro hp[], que revela la ruta en varios mensajes de error.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-11-06 First Exploit
2006-11-09 CVE Reserved
2006-11-10 CVE Published
2023-09-13 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (8)

URL	Tag	Source
http://securityreason.com/securityalert/1839	Third Party Advisory
http://sourceforge.net/project/shownotes.php?release_id=478370	X_refsource_misc
http://www.securityfocus.com/archive/1/450701/100/0/threaded	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/30052	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/28936	2006-11-06
https://www.exploit-db.com/exploits/28937	2006-11-06
https://www.exploit-db.com/exploits/28935	2006-11-06
http://www.securityfocus.com/bid/20931	2024-08-07

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Aiocp Search vendor "Aiocp"		Aiocp Search vendor "Aiocp" for product "Aiocp"				1.3.000 Search vendor "Aiocp" for product "Aiocp" and version "1.3.000"		-		Affected
Aiocp Search vendor "Aiocp"		Aiocp Search vendor "Aiocp" for product "Aiocp"				1.3.001 Search vendor "Aiocp" for product "Aiocp" and version "1.3.001"		-		Affected
Aiocp Search vendor "Aiocp"		Aiocp Search vendor "Aiocp" for product "Aiocp"				1.3.002 Search vendor "Aiocp" for product "Aiocp" and version "1.3.002"		-		Affected
Aiocp Search vendor "Aiocp"		Aiocp Search vendor "Aiocp" for product "Aiocp"				1.3.003 Search vendor "Aiocp" for product "Aiocp" and version "1.3.003"		-		Affected
Aiocp Search vendor "Aiocp"		Aiocp Search vendor "Aiocp" for product "Aiocp"				1.3.004 Search vendor "Aiocp" for product "Aiocp" and version "1.3.004"		-		Affected
Aiocp Search vendor "Aiocp"		Aiocp Search vendor "Aiocp" for product "Aiocp"				1.3.005 Search vendor "Aiocp" for product "Aiocp" and version "1.3.005"		-		Affected
Aiocp Search vendor "Aiocp"		Aiocp Search vendor "Aiocp" for product "Aiocp"				1.3.006 Search vendor "Aiocp" for product "Aiocp" and version "1.3.006"		-		Affected
Aiocp Search vendor "Aiocp"		Aiocp Search vendor "Aiocp" for product "Aiocp"				1.3.007 Search vendor "Aiocp" for product "Aiocp" and version "1.3.007"		-		Affected