CVE-2006-5832

AIOCP <= 1.3.007 - Information Disclosure via Error Message Path Leak

Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-5832. PoCs published by laurent gaffie.

AI-analyzed exploit summary: This exploit demonstrates multiple vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and prior, including XSS, SQL injection, remote file inclusion, and full path disclosure. The PoC provides specific URLs with malicious payloads to exploit these issues.

Description

All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages.

Exploits (3)

exploitdb WORKING POC VERIFIED
by laurent gaffie · text · webapps · php
https://www.exploit-db.com/exploits/28935

This exploit demonstrates multiple vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and prior, including XSS, SQL injection, remote file inclusion, and full path disclosure. The PoC provides specific URLs with malicious payloads to exploit these issues.

Classification: Working PoC 90%
Attack Type: XSS | SQLi | Info Leak | Other
Complexity: Trivial
Reliability: Reliable
Target: All In One Control Panel (AIOCP) 1.3.007 and prior
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by laurent gaffie · text · webapps · php
https://www.exploit-db.com/exploits/28937

The provided text describes an input-validation vulnerability in All In One Control Panel (AIOCP) versions 1.3.007 and prior, which could lead to XSS or other attacks. The example URL demonstrates a potential vector but lacks executable exploit code.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: All In One Control Panel (AIOCP) <= 1.3.007
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by laurent gaffie · text · webapps · php
https://www.exploit-db.com/exploits/28936

The provided text describes an input-validation vulnerability in All In One Control Panel (AIOCP) versions 1.3.007 and prior, which could lead to various attacks such as XSS or cookie theft. The example URL demonstrates a potential vector but lacks executable exploit code.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: All In One Control Panel (AIOCP) <= 1.3.007
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30052
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/450701/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1839
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20931

Scores

EPSS 0.0299
EPSS Percentile 85.5%

Details

Status published
Products (8)
aiocp/aiocp 1.3.000
aiocp/aiocp 1.3.001
aiocp/aiocp 1.3.002
aiocp/aiocp 1.3.003
aiocp/aiocp 1.3.004
aiocp/aiocp 1.3.005
aiocp/aiocp 1.3.006
aiocp/aiocp 1.3.007
Published Nov 10, 2006
Tracked Since Feb 18, 2026