CVE-2006-5830

Name of the Vulnerable Software and Affected Versions: All In One Control Panel (AIOCP) versions 1.3.007 and earlier

Description: The issue allows remote attackers to inject arbitrary web script or HTML via several parameters, including topid, forid, and catid to "code/cp forum view.php", choosed language to "cp dpage.php", orderdir to "cp links search.php", order field to "cp show ec products.php" and "cp users online.php", and the signature and fiscal code fields in the user profile.

Recommendations: For All In One Control Panel (AIOCP) versions 1.3.007 and earlier, consider disabling the affected parameters, such as topid, forid, catid, choosed language, orderdir, order field, signature, and fiscal code, until a patch is available. Restrict access to the vulnerable scripts, including "code/cp forum view.php", "cp dpage.php", "cp links search.php", "cp show ec products.php", and "cp users online.php", to minimize the risk of exploitation.