CVE-2007-0223
Published 2007-01-13
Priority: P335, high, 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.10% (61.4th percentile)
SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| all_in_one_control_panel | all_in_one_control_panel | <= 1.3.010 | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
| nicola_asuni | all_in_one_control_panel | — | — |
GHSA
GHSA-c967-x6rp-m9rq: Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-0316 [HIGH] GHSA-c967-x6rp-m9rq: Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1
Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223.
GHSA
GHSA-3pvv-2pww-83m6: SQL injection vulnerability in shared/code/cp_functions_downloads
ghsa_unreviewed·2022-05-01
CVE-2007-0223 [HIGH] GHSA-3pvv-2pww-83m6: SQL injection vulnerability in shared/code/cp_functions_downloads
SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter.
Suricata
ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0223 [HIGH] ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category UPDATE"; flow:established,to_server; http.uri; content:"/shared/code/cp_functions_downloads.php?"; nocase; content:"download_category="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-0223; reference:url,www.secunia.com/advisories/23726; classtype:web-application-attack; sid:2005680; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confiden
Suricata
ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0223 [HIGH] ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category DELETE"; flow:established,to_server; http.uri; content:"/shared/code/cp_functions_downloads.php?"; nocase; content:"download_category="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-0223; reference:url,www.secunia.com/advisories/23726; classtype:web-application-attack; sid:2005678; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confide
Suricata
ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0223 [HIGH] ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category SELECT"; flow:established,to_server; http.uri; content:"/shared/code/cp_functions_downloads.php?"; nocase; content:"download_category="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-0223; reference:url,www.secunia.com/advisories/23726; classtype:web-application-attack; sid:2005675; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confide
Suricata
ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0223 [HIGH] ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category UNION SELECT"; flow:established,to_server; http.uri; content:"/shared/code/cp_functions_downloads.php?"; nocase; content:"download_category="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-0223; reference:url,www.secunia.com/advisories/23726; classtype:web-application-attack; sid:2005676; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datace
Suricata
ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0223 [HIGH] ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category ASCII"; flow:established,to_server; http.uri; content:"/shared/code/cp_functions_downloads.php?"; nocase; content:"download_category="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-0223; reference:url,www.secunia.com/advisories/23726; classtype:web-application-attack; sid:2005679; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confid
Suricata
ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0223 [HIGH] ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category INSERT"; flow:established,to_server; http.uri; content:"/shared/code/cp_functions_downloads.php?"; nocase; content:"download_category="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-0223; reference:url,www.secunia.com/advisories/23726; classtype:web-application-attack; sid:2005677; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confide
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/31641
http://secunia.com/advisories/23726
http://sourceforge.net/project/shownotes.php?release_id=477845
http://www.securityfocus.com/bid/22019
https://exchange.xforce.ibmcloud.com/vulnerabilities/31591
2007-01-13
Published