VYPR

Aiocp

by Tecnick

CVEs (11)

  • CVE-2009-4747Mar 26, 2010
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220.

  • CVE-2009-3220Sep 16, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

  • CVE-2008-4782Oct 29, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.

  • CVE-2006-5831Nov 10, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter.

  • CVE-2006-5829Nov 10, 2006
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e)…

  • CVE-2006-5832Nov 10, 2006
    risk 0.03cvss epss 0.03

    All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving…

  • CVE-2006-5830Nov 10, 2006
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language…

  • CVE-2007-3120Jun 7, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party…

  • CVE-2007-2624May 11, 2007
    risk 0.00cvss epss 0.01

    Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are…

  • CVE-2007-2625May 11, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party…

  • CVE-2007-0365Jan 19, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830.