All In One Control Panel SQL Injection Vulnerability
BID:22019
Info
| Bugtraq ID: | 22019 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0223 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 11 2007 12:00AM |
| Updated: | May 12 2015 07:35PM |
| Credit: | This issue was disclosed by the vendor. |
| Vulnerable: | AIOCP AIOCP 1.3.6, AIOCP AIOCP 1.3.5, AIOCP AIOCP 1.3.4 |
| Not Vulnerable: | AIOCP AIOCP 1.3.9 |
Discussion
All In One Control Panel is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
All In One Control Panel versions prior to 1.3.009 are vulnerable to this issue.
Exploit / POC
Solution / Fix
Solution:
The vendor has released version 1.3.009 to address this issue. Please see the referenced advisories for more information.
References
References:
- AIOCP 1.3.009 ChangeLog (AIOCP)
- AIOCP Homepage (AIOCP)