VULHUB ™

All In One Control Panel (AIOCP)存在多个SQL注入漏洞，远程攻击者可通过传给public/code/中的(a)cp_dpage.php，(b)cp_news.php，(c)cp_forum_view.php，(d)cp_edit_user.php，(e)cp_newsletter.php，(f)cp_links.php，(g)cp_contact_us.php，(h)cp_login.php和(i)cp_codice_fiscale.php的(1) choosed_language 参数；传给public/code/cp_news.php的(2)news_category参数；传给public/code/cp_newsletter.php的(3)nlmsg_nlcatid参数；传给public/code/cp_links.php的(4)links_category参数；传给public/code/cp_show_ec_products.php的(5)product_category_id参数；传给public/code/cp_show_ec_products.php的(6)order_field参数；传给public/code/cp_users_online.php的(7)firstrow参数；和传给public/code/cp_links_search.php的(8)orderdir参数，来执行任意SQL命令。

All In One Control Panel (AIOCP)存在多个SQL注入漏洞，远程攻击者可通过传给public/code/中的(a)cp_dpage.php，(b)cp_news.php，(c)cp_forum_view.php，(d)cp_edit_user.php，(e)cp_newsletter.php，(f)cp_links.php，(g)cp_contact_us.php，(h)cp_login.php和(i)cp_codice_fiscale.php的(1) choosed_language 参数；传给public/code/cp_news.php的(2)news_category参数；传给public/code/cp_newsletter.php的(3)nlmsg_nlcatid参数；传给public/code/cp_links.php的(4)links_category参数；传给public/code/cp_show_ec_products.php的(5)product_category_id参数；传给public/code/cp_show_ec_products.php的(6)order_field参数；传给public/code/cp_users_online.php的(7)firstrow参数；和传给public/code/cp_links_search.php的(8)orderdir参数，来执行任意SQL命令。