CVE-2006-5832
Published: 2006-11-10
Priority: P4 (27), medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.01% (85.7th percentile)
All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
| aiocp | aiocp | — | — |
VulDB
AIOCP up to 1.3.007 Error Message hp[] information disclosure (EDB-28936 / XFDB-30052)
vuldb·2026-04-27·CVSS 5.0
A vulnerability classified as problematic was found in AIOCP up to 1.3.007. Affected is an unknown function of the component Error Message Handler. Manipulating the argument hp[] can lead to information disclosure.
This vulnerability is tracked as CVE-2006-5832. The attack may be performed remotely. In addition, an exploit is available.
GHSA
GHSA-r73v-34jr-349h: All In One Control Panel (AIOCP) 1
ghsa_unreviewed·2022-05-01
No detection rules found.
Exploit-DB
AIOCP 1.3.x - Multiple Vulnerabilities
exploitdb·2006-11-06
---
source: https://www.securityfocus.com/bid/20931/info
All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive data, execute arbitrary script code in the context of the application, compromise the application and possibly exploit latent vulnerabilities in the underlying system; other attacks are also possible.
AIOCP 1.3.007 and prior versions are vulnerable.
Cross-site scripting:
http://www.example.com/public/code/cp_forum_view.php?fmode=top&topid= '"> alert(document.cookie)
http://www.example.com/public/code/cp_forum
Exploit-DB
AIOCP 1.3.x - 'cp_show_page_help.php' Full Path Disclosure
exploitdb·2006-11-06
---
source: https://www.securityfocus.com/bid/20931/info
http://www.example.com/public/code/cp_show_page_help.php?hp[]=
Exploit-DB
AIOCP 1.3.x - 'cp_show_ec_products.php' Full Path Disclosure
exploitdb·2006-11-06
---
source: https://www.securityfocus.com/bid/20931/info
http://www.example.com/public/code/cp_show_ec_products.php?order_field[]=
No writeups or analysis indexed.
References
http://securityreason.com/securityalert/1839
http://sourceforge.net/project/shownotes.php?release_id=478370
http://www.securityfocus.com/archive/1/450701/100/0/threaded
http://www.securityfocus.com/bid/20931
https://exchange.xforce.ibmcloud.com/vulnerabilities/30052
Published: 2006-11-10