Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
All In One Control Panel 多个SQL注入漏洞
Vulnerability Description
All In One Control Panel (AIOCP)存在多个SQL注入漏洞,远程攻击者可通过传给public/code/中的(a)cp_dpage.php,(b)cp_news.php,(c)cp_forum_view.php,(d)cp_edit_user.php,(e)cp_newsletter.php,(f)cp_links.php,(g)cp_contact_us.php,(h)cp_login.php和(i)cp_codice_fiscale.php的(1) choosed_lang
CVSS Information
N/A
Vulnerability Type
N/A