CVE-2007-0316
Published: 2007-01-18
Priority: P3 · 41 · Severity: high · CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploit: EPSS 1.98% (78.0th percentile)
Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223.
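The advisory text above gives only the two parameters and the magic_quotes_gpc precondition, not AIOCP's code. The following is an added illustration, not code from AIOCP or from the CVE record: it reconstructs the pattern the description implies (a single-quoted value spliced into a query by string concatenation) against a stand-in SQLite schema, and shows the authentication bypass through xuser_name and the UNION data extraction through did side by side with parameterised versions. The table and column names, the hash value, and the use of SQLite are assumptions for the demonstration. With magic_quotes_gpc enabled, PHP would have prefixed each quote in the request with a backslash, which is why the advisory conditions the bug on that setting being off.

```python
import sqlite3


def make_db():
    """Constructed stand-in schema (assumption: AIOCP's real tables are not on the page)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE downloads (id INTEGER, name TEXT, path TEXT);
        INSERT INTO downloads VALUES (1, 'readme', '/files/readme.txt');
        INSERT INTO downloads VALUES (2, 'manual', '/files/manual.pdf');
        CREATE TABLE users (id INTEGER, user_name TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'hashed-secret');
        """
    )
    return db


def login_vulnerable(xuser_name, xpassword, db=None):
    """cp_authorization.php-style lookup: the request value is concatenated into
    a quoted literal. With magic_quotes_gpc off nothing escapes the quote."""
    db = db or make_db()
    sql = "SELECT id FROM users WHERE user_name = '%s' AND password = '%s'" % (
        xuser_name, xpassword)
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(xuser_name, xpassword, db=None):
    """Same query with bound parameters: the quote is data, never syntax."""
    db = db or make_db()
    row = db.execute(
        "SELECT id FROM users WHERE user_name = ? AND password = ?",
        (xuser_name, xpassword)).fetchone()
    return row[0] if row else None


def download_vulnerable(did, db=None):
    """cp_downloads.php-style lookup with the did value spliced into a quoted literal."""
    db = db or make_db()
    sql = "SELECT name, path FROM downloads WHERE id = '%s'" % did
    return db.execute(sql).fetchall()


def download_safe(did, db=None):
    """Hardened form: validate the type first, then bind the value."""
    db = db or make_db()
    if not did.isdigit():
        return []
    return db.execute(
        "SELECT name, path FROM downloads WHERE id = ?", (int(did),)).fetchall()


if __name__ == "__main__":
    # Constructed payloads; the trailing space after -- keeps the comment valid.
    bypass = "admin' -- "
    extract = "1' UNION SELECT user_name, password FROM users -- "
    print("vulnerable login:", login_vulnerable(bypass, "wrong"))      # 1 (admin)
    print("safe login:", login_safe(bypass, "wrong"))                  # None
    print("vulnerable download:", download_vulnerable(extract))        # credentials leak
    print("safe download:", download_safe(extract))                    # []
```

The `did` payload is the shape the "cp_downloads.php did UNION SELECT" Suricata rule further down is written for; note that the `xuser_name` bypass contains no SQL keyword at all, so it would not trip any of the keyword-based rules on this page.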
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| all_in_one_control_panel | all_in_one_control_panel | <= 1.3.010 | — |
Suricata: ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name DELETE
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-0316 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name DELETE"; flow:established,to_server; http.uri; content:"/shared/code/cp_authorization.php?"; nocase; content:"xuser_name="; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; classtype:web-application-attack; sid:2005576; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic
Suricata: ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did UPDATE
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-0316 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did UPDATE"; flow:established,to_server; http.uri; content:"/public/code/cp_downloads.php?"; nocase; content:"did="; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; classtype:web-application-attack; sid:2005584; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Init
Suricata: ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did UNION SELECT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-0316 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did UNION SELECT"; flow:established,to_server; http.uri; content:"/public/code/cp_downloads.php?"; nocase; content:"did="; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; classtype:web-application-attack; sid:2005580; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_t
Suricata: ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did ASCII
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-0316 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did ASCII"; flow:established,to_server; http.uri; content:"/public/code/cp_downloads.php?"; nocase; content:"did="; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; classtype:web-application-attack; sid:2005583; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name In
Suricata: ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name ASCII
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-0316 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name ASCII"; flow:established,to_server; http.uri; content:"/shared/code/cp_authorization.php?"; nocase; content:"xuser_name="; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; classtype:web-application-attack; sid:2005577; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tacti
Suricata: ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name UPDATE
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-0316 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name UPDATE"; flow:established,to_server; http.uri; content:"/shared/code/cp_authorization.php?"; nocase; content:"xuser_name="; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; classtype:web-application-attack; sid:2005578; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_
Suricata: ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name UNION SELECT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-0316 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name UNION SELECT"; flow:established,to_server; http.uri; content:"/shared/code/cp_authorization.php?"; nocase; content:"xuser_name="; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; classtype:web-application-attack; sid:2005574; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10
Suricata: ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did SELECT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-0316 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did SELECT"; flow:established,to_server; http.uri; content:"/public/code/cp_downloads.php?"; nocase; content:"did="; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; classtype:web-application-attack; sid:2005579; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Ini
Suricata: ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did INSERT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-0316 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did INSERT"; flow:established,to_server; http.uri; content:"/public/code/cp_downloads.php?"; nocase; content:"did="; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; classtype:web-application-attack; sid:2005581; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Ini
Suricata: ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name INSERT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-0316 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name INSERT"; flow:established,to_server; http.uri; content:"/shared/code/cp_authorization.php?"; nocase; content:"xuser_name="; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; classtype:web-application-attack; sid:2005575; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic
Suricata: ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did DELETE
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-0316 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did DELETE"; flow:established,to_server; http.uri; content:"/public/code/cp_downloads.php?"; nocase; content:"did="; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; classtype:web-application-attack; sid:2005582; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Ini
Suricata: ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name SELECT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-0316 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name SELECT"; flow:established,to_server; http.uri; content:"/shared/code/cp_authorization.php?"; nocase; content:"xuser_name="; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; classtype:web-application-attack; sid:2005573; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic
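The twelve ET rules above share one shape: two `content` matches on the normalized `http.uri` buffer (the script path with its `?`, and the parameter name) plus one keyword `pcre`. To see what that shape does and does not catch, the following added example (not Emerging Threats code, not part of the original page) re-implements that matching logic in Python and runs it over constructed request lines. It models Suricata's URI normalization as plain percent-decoding, which is an approximation; the sample requests, the `/**/` evasion and the false-positive user name are all constructed here, and whether AIOCP accepts `did` in a POST body is not stated on the page and is assumed only to show that the rules would not see it.

```python
import re
from urllib.parse import unquote

# Transcribed from the rules on this page: sid -> (uri path content, parameter content, pcre)
AUTH = "/shared/code/cp_authorization.php?"
DL = "/public/code/cp_downloads.php?"
RULES = {
    2005573: (AUTH, "xuser_name=", r"SELECT.+FROM"),
    2005574: (AUTH, "xuser_name=", r"UNION\s+SELECT"),
    2005575: (AUTH, "xuser_name=", r"INSERT.+INTO"),
    2005576: (AUTH, "xuser_name=", r"DELETE.+FROM"),
    2005577: (AUTH, "xuser_name=", r"ASCII\(.+SELECT"),
    2005578: (AUTH, "xuser_name=", r"UPDATE.+SET"),
    2005579: (DL, "did=", r"SELECT.+FROM"),
    2005580: (DL, "did=", r"UNION\s+SELECT"),
    2005581: (DL, "did=", r"INSERT.+INTO"),
    2005582: (DL, "did=", r"DELETE.+FROM"),
    2005583: (DL, "did=", r"ASCII\(.+SELECT"),
    2005584: (DL, "did=", r"UPDATE.+SET"),
}


def normalize_uri(uri):
    """Approximation (assumption) of the normalized http.uri buffer: %XX decoding only."""
    return unquote(uri)


def match_rules(method, uri, body=""):
    """Return the sorted sids whose two `content` matches (nocase, no positional
    modifiers, so anywhere in the buffer) and `pcre` (/i) all hold on the URI.
    The rules are bound to http.uri, so the request body is deliberately
    ignored, exactly as the rules would ignore it."""
    u = normalize_uri(uri)
    lo = u.lower()
    hits = []
    for sid, (path, param, pattern) in RULES.items():
        if path.lower() in lo and param.lower() in lo and re.search(pattern, u, re.I):
            hits.append(sid)
    return sorted(hits)


# Constructed sample requests (not captured traffic).
UNION_GET = DL + "did=1%27%20UNION%20SELECT%20user_name,password%20FROM%20users--"
COMMENT_EVASION = DL + "did=1%27%20UNION/**/SELECT%20user_name,password/**/FROM%20users--"
AUTH_BYPASS = AUTH + "xuser_name=admin%27%20--&xpassword=x"
BENIGN = DL + "did=12"
FALSE_POSITIVE = AUTH + "xuser_name=select_from_list"

if __name__ == "__main__":
    print("UNION via GET:", match_rules("GET", UNION_GET))          # two sids fire
    print("/**/ evasion:", match_rules("GET", COMMENT_EVASION))     # UNION\s+SELECT misses
    print("auth bypass:", match_rules("GET", AUTH_BYPASS))          # no keyword, no alert
    print("POST body:", match_rules("POST", DL.rstrip("?"), "did=1' UNION SELECT 1,2"))
    print("benign:", match_rules("GET", BENIGN))
    print("false positive:", match_rules("GET", FALSE_POSITIVE))    # SELECT.+FROM on a user name
```

Three things to take from the run: a single UNION payload fires both the "did SELECT" and "did UNION SELECT" sids, so alert counts overstate events; `/**/` between keywords defeats the `\s+` in the UNION rule while `SELECT.+FROM` still fires, so the looser patterns are the ones to keep; and the quote-and-comment authentication bypass carries no SQL keyword at all, which is why the rules are tagged confidence Medium and why a web-server or application log check on the `xuser_name` value is worth pairing with them.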
No writeups or analysis indexed.
References:
- http://osvdb.org/32809
- http://osvdb.org/32810
- http://secunia.com/advisories/23740
- http://securityreason.com/securityalert/2166
- http://www.securityfocus.com/archive/1/456741
- http://www.securityfocus.com/archive/1/456742
- http://www.securityfocus.com/bid/22032
- http://www.vupen.com/english/advisories/2007/0190
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31485