Approved changes feed: RSS · Atom
cpe:2.3:a:aiocp:aiocp:1.3.004:*:*:*:*:*:*:*
part: a version: 1.3.004 update: *
| Vendor | Aiocp (5932eef4-7823-56fd-b5d2-5f2415a1dfa6) |
|---|---|
| Product | Aiocp (e9bb6f00-92cc-5e94-9d62-4da8ac97bb5f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2007-3120 |
vulnerable | 2026-06-08 04:49:53.288672 |
Details available
Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information.
Published: 2007-06-07T21:00:00.000Z
Updated: 2024-08-07T14:05:28.283Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-5832 |
vulnerable | 2026-06-08 04:49:21.405285 |
Details available
All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages.
Published: 2006-11-10T01:00:00.000Z
Updated: 2024-08-07T20:04:55.578Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-5831 |
vulnerable | 2026-06-08 04:49:21.404776 |
Details available
PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter.
Published: 2006-11-10T01:00:00.000Z
Updated: 2024-08-07T20:04:55.557Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-5830 |
vulnerable | 2026-06-08 04:49:21.402650 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profile.
Published: 2006-11-10T01:00:00.000Z
Updated: 2024-08-07T20:04:55.563Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-5829 |
vulnerable | 2026-06-08 04:49:21.400720 |
Details available
Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php.
Published: 2006-11-10T01:00:00.000Z
Updated: 2024-08-07T20:04:55.642Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.