CVE-2006-5829

Published Nov 10, 2006

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:aiocp:aiocp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4109CB8F-99E6-4B78-8DD0-DDFA6DA49B0B",
            "versionEndIncluding": "1.3.007"
          },
          {
            "criteria": "cpe:2.3:a:aiocp:aiocp:1.3.000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7D4D34B-5856-449E-B146-0414B01E357B"
          },
          {
            "criteria": "cpe:2.3:a:aiocp:aiocp:1.3.001:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CBBE828-3E9C-4267-B315-DD57054F1450"
          },
          {
            "criteria": "cpe:2.3:a:aiocp:aiocp:1.3.002:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA2A2CE9-4A2F-40F4-81D7-B090900129FE"
          },
          {
            "criteria": "cpe:2.3:a:aiocp:aiocp:1.3.003:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "389615A9-6D11-4555-98FE-B4969DECF50C"
          },
          {
            "criteria": "cpe:2.3:a:aiocp:aiocp:1.3.004:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63B0794D-0766-4A11-9613-1568E3A20446"
          },
          {
            "criteria": "cpe:2.3:a:aiocp:aiocp:1.3.005:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCBD2F9E-97C0-456B-8475-862241DF437D"
          },
          {
            "criteria": "cpe:2.3:a:aiocp:aiocp:1.3.006:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06C22893-1E2F-48B2-B571-358145734B8F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References