CVE-2006-5830
Published 2006-11-10
Priority P426 · medium · 6.8 CVSS 2.0
CVSS vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.38% (81.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profile.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
| nicola_asuni | all_in_one_control_panel | <= 1.3.009 | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
VulDB
AIOCP up to 1.3.007 Control Panel order_field cross site scripting (EDB-28918 / XFDB-30048)
vuldb·2026-04-27·CVSS 6.8
CVE-2006-5830 [MEDIUM] AIOCP up to 1.3.007 Control Panel order_field cross site scripting (EDB-28918 / XFDB-30048)
A vulnerability described as problematic has been identified in AIOCP up to 1.3.007. This affects an unknown function of the component Control Panel. Such manipulation of the argument order_field leads to basic cross site scripting.
This vulnerability is documented as CVE-2006-5830. The attack can be executed remotely. Additionally, an exploit exists.
GHSA
GHSA-v65c-q4pq-329p: Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1
ghsa_unreviewed·2022-05-01·CVSS 6.8
CVE-2007-0365 [MEDIUM] GHSA-v65c-q4pq-329p: Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1
Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830.
GHSA
GHSA-7r93-9v78-ccf2: Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1
ghsa_unreviewed·2022-05-01
CVE-2006-5830 [MEDIUM] GHSA-7r93-9v78-ccf2: Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1
Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profile.
No detection rules found.
Exploit-DB
AIOCP 1.3.x - 'cp_links_search.php' Cross-Site Scripting
exploitdb·2006-11-06
CVE-2006-5830 AIOCP 1.3.x - 'cp_links_search.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/20931/info
All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive data, execute arbitrary script code in the context of the application, compromise the application and possibly exploit latent vulnerabilities in the underlying system; other attacks are also possible.
AIOCP 1.3.007 and prior versions are vulnerable.
http://www.example.com/public/code/cp_links_search.php?orderdir='">alert(document.cookie)
Exploit-DB
AIOCP 1.3.x - 'cp_forum_view.php' Cross-Site Scripting
exploitdb·2006-11-06
CVE-2006-5830 AIOCP 1.3.x - 'cp_forum_view.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/20931/info
All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive data, execute arbitrary script code in the context of the application, compromise the application and possibly exploit latent vulnerabilities in the underlying system; other attacks are also possible.
AIOCP 1.3.007 and prior versions are vulnerable.
http://www.example.com/public/code/cp_forum_view.php?fmode=top&topid='">alert(document.cookie)
http://www.example.com/public/code/cp_forum_view.php?fmod
Exploit-DB
AIOCP 1.3.x - 'cp_show_ec_products.php' Cross-Site Scripting
exploitdb·2006-11-06
CVE-2006-5830 AIOCP 1.3.x - 'cp_show_ec_products.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/20931/info
All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive data, execute arbitrary script code in the context of the application, compromise the application and possibly exploit latent vulnerabilities in the underlying system; other attacks are also possible.
AIOCP 1.3.007 and prior versions are vulnerable.
http://www.example.com/public/code/cp_show_ec_products.php?order_field='">alert(document.cookie)
Exploit-DB
AIOCP 1.3.x - 'cp_dpage.php' Cross-Site Scripting
exploitdb·2006-11-06
CVE-2006-5830 AIOCP 1.3.x - 'cp_dpage.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/20931/info
All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive data, execute arbitrary script code in the context of the application, compromise the application and possibly exploit latent vulnerabilities in the underlying system; other attacks are also possible.
AIOCP 1.3.007 and prior versions are vulnerable.
http://www.example.com/public/code/cp_dpage.php?choosed_language='">alert(document.cookie)
Exploit-DB
AIOCP 1.3.x - 'cp_users_online.php' Cross-Site Scripting
exploitdb·2006-11-06
CVE-2006-5830 AIOCP 1.3.x - 'cp_users_online.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/20931/info
All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive data, execute arbitrary script code in the context of the application, compromise the application and possibly exploit latent vulnerabilities in the underlying system; other attacks are also possible.
AIOCP 1.3.007 and prior versions are vulnerable.
http://www.example.com/public/code/cp_users_online.php?order_field='">alert(document.cookie)
No writeups or analysis indexed.
References
http://secunia.com/advisories/22719
http://securityreason.com/securityalert/1839
http://sourceforge.net/project/shownotes.php?release_id=478370
http://www.securityfocus.com/archive/1/450701/100/0/threaded
http://www.securityfocus.com/bid/20931
http://www.vupen.com/english/advisories/2006/4378
https://exchange.xforce.ibmcloud.com/vulnerabilities/30045
https://exchange.xforce.ibmcloud.com/vulnerabilities/30048