CVE-2006-5830 - Input Validation vulnerability in AIOCP

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, aiocp, exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profile.

Exploit-Db

  • description: AIOCP 1.3.x cp_users_online.php order_field Parameter XSS. CVE-2006-5830. Webapps exploit for php platform
    id: EDB-ID:28920
    last seen: 2016-02-03
    modified: 2006-11-06
    published: 2006-11-06
    reporter: laurent gaffie
    source: https://www.exploit-db.com/download/28920/
    title: AIOCP 1.3.x cp_users_online.php order_field Parameter XSS
  • description: AIOCP 1.3.x cp_dpage.php choosed_language Parameter XSS. CVE-2006-5830. Webapps exploit for php platform
    id: EDB-ID:28918
    last seen: 2016-02-03
    modified: 2006-11-06
    published: 2006-11-06
    reporter: laurent gaffie
    source: https://www.exploit-db.com/download/28918/
    title: AIOCP 1.3.x cp_dpage.php choosed_language Parameter XSS
  • description: AIOCP 1.3.x cp_show_ec_products.php order_field Parameter XSS. CVE-2006-5830. Webapps exploit for php platform
    id: EDB-ID:28919
    last seen: 2016-02-03
    modified: 2006-11-06
    published: 2006-11-06
    reporter: laurent gaffie
    source: https://www.exploit-db.com/download/28919/
    title: AIOCP 1.3.x cp_show_ec_products.php order_field Parameter XSS
  • description: AIOCP 1.3.x cp_forum_view.php Multiple Parameter XSS. CVE-2006-5830. Webapps exploit for php platform
    id: EDB-ID:28917
    last seen: 2016-02-03
    modified: 2006-11-06
    published: 2006-11-06
    reporter: laurent gaffie
    source: https://www.exploit-db.com/download/28917/
    title: AIOCP 1.3.x cp_forum_view.php Multiple Parameter XSS
  • description: AIOCP 1.3.x cp_links_search.php orderdir Parameter XSS. CVE-2006-5830. Webapps exploit for php platform
    id: EDB-ID:28921
    last seen: 2016-02-03
    modified: 2006-11-06
    published: 2006-11-06
    reporter: laurent gaffie
    source: https://www.exploit-db.com/download/28921/
    title: AIOCP 1.3.x cp_links_search.php orderdir Parameter XSS