CVE Vulnerabilities

CVE-2006-5832

Published: Nov 10, 2006 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages.

Affected Software

Name Vendor Start Version End Version
Aiocp Aiocp 1.3.000 (including) 1.3.000 (including)
Aiocp Aiocp 1.3.001 (including) 1.3.001 (including)
Aiocp Aiocp 1.3.002 (including) 1.3.002 (including)
Aiocp Aiocp 1.3.003 (including) 1.3.003 (including)
Aiocp Aiocp 1.3.004 (including) 1.3.004 (including)
Aiocp Aiocp 1.3.005 (including) 1.3.005 (including)
Aiocp Aiocp 1.3.006 (including) 1.3.006 (including)
Aiocp Aiocp 1.3.007 (including) 1.3.007 (including)

References