AIOCP Multiple Input Validation Vulnerabilities
BID:20931
Info
AIOCP Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 20931 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 06 2006 12:00AM |
| Updated: | Nov 07 2006 07:52PM |
| Credit: | laurent gaffi and benjamin moss are credited with the discovery of these vulnerabilities. |
| Vulnerable: |
AIOCP AIOCP 1.3.7 AIOCP AIOCP 1.3.6 AIOCP AIOCP 1.3.5 AIOCP AIOCP 1.3.4 |
| Not Vulnerable: | |
Discussion
AIOCP Multiple Input Validation Vulnerabilities
All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive data, execute arbitrary script code in the context of the application, compromise the application and possibly exploit latent vulnerabilities in the underlying system; other attacks are also possible.
AIOCP 1.3.007 and prior versions are vulnerable.
All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive data, execute arbitrary script code in the context of the application, compromise the application and possibly exploit latent vulnerabilities in the underlying system; other attacks are also possible.
AIOCP 1.3.007 and prior versions are vulnerable.
Exploit / POC
AIOCP Multiple Input Validation Vulnerabilities
An attacker can exploit these issues via a web client. In some cases, the attacker must entice a victim user to follow a malicious URI.
The following proof-of-concept URIs are available:
An attacker can exploit these issues via a web client. In some cases, the attacker must entice a victim user to follow a malicious URI.
The following proof-of-concept URIs are available:
Solution / Fix
AIOCP Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at:[email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at:[email protected]:[email protected].
References
AIOCP Multiple Input Validation Vulnerabilities
References:
References:
- AIOCP Homepage (AIOCP)
- AIOCP <=1.3.007 multiples vulnerabilities [sql , remote file include, xss] (saps.audit)