All In One Control Panel (AIOCP) cp_edit_user.php choosed_language Variable SQL Injection

2006-11-06T05:33:57
ID OSVDB:30627
Type osvdb
Reporter OSVDB
Modified 2006-11-06T05:33:57

Description

Manual Testing Notes

/public/code/cp_edit_user.php?choosed_language=[sql]

References:

Secunia Advisory ID:22719 Related OSVDB ID: 30624 Related OSVDB ID: 30629 Related OSVDB ID: 30635 Related OSVDB ID: 30626 Related OSVDB ID: 30631 Related OSVDB ID: 30618 Related OSVDB ID: 30628 Related OSVDB ID: 30633 Related OSVDB ID: 30634 Related OSVDB ID: 30614 Related OSVDB ID: 30625 Related OSVDB ID: 30630 Related OSVDB ID: 30632 Other Advisory URL: http://sourceforge.net/project/shownotes.php?release_id=478370 Other Advisory URL: http://s-a-p.ca/index.php?page=OurAdvisories&id=3 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0080.html ISS X-Force ID: 30051 FrSIRT Advisory: ADV:2006-4378 CVE-2006-5829 Bugtraq ID: 20931