aiocp 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection and vendor risk cross-site scripting があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2008-4782 | SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. | [email protected] | 7.5 | 1.01% | 2008-10-29 | 2026-04-23 |
| CVE-2007-3120 | Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information. | [email protected] | 4.3 | 1.22% | 2007-06-07 | 2026-04-23 |
| CVE-2007-2625 | Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party information. | [email protected] | 6.8 | 1.13% | 2007-05-11 | 2026-04-23 |
| CVE-2007-2624 | Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information. | [email protected] | 6.8 | 1.38% | 2007-05-11 | 2026-04-23 |
| CVE-2006-5832 | All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages. | [email protected] | 5.0 | 2.99% | 2006-11-10 | 2026-04-23 |
| CVE-2006-5831 | PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter. | [email protected] | 7.5 | 2.74% | 2006-11-10 | 2026-04-23 |
| CVE-2006-5830 | Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profil | [email protected] | 6.8 | 2.36% | 2006-11-10 | 2026-04-23 |
| CVE-2006-5829 | Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/cod | [email protected] | 6.8 | 1.16% | 2006-11-10 | 2026-04-23 |