CVE-2006-5829 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-5829
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5829

Description: Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/30051 SREASON http://securityreason.com/securityalert/1839 SAID Secunia Advisory: SA22719 MISC http://sourceforge.net/project/shownotes.php?release_id=478370 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/450701/100/0/threaded BID 20931

Return to the previous page.