|
|
CVE Reference: CVE-2006-5832 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-5832 |
|
|
Description: All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/30052 SREASON http://securityreason.com/securityalert/1839 MISC http://sourceforge.net/project/shownotes.php?release_id=478370 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/450701/100/0/threaded BID 20931 |
|
| Return to the previous page. |
