Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AIOCP多个输入验证漏洞
Vulnerability Description
All In One Control Panel (AIOCP)存在输入验证漏洞。远程攻击者可以通过某些对(1) public/code/cp_dpage.php(可能涉及aiocp_dp[]参数),(2)public/code/cp_show_ec_products.php(可能涉及order_field[]参数),和(3)public/code/cp_show_page_help.php(可能涉及hp[]参数)的请求,导致系统在各种错误消息中泄漏路径,从而获取web服务器的完整路径。
CVSS Information
N/A
Vulnerability Type
N/A