PT-2007-1788 · Aiocp · All In One Control Panel

Coloss · Published 2007-01-18 · Updated 2017-07-29 · CVE-2007-0316

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: All In One Control Panel (AIOCP) versions 1.3.010 and earlier
Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the xuser_name parameter to "shared/code/cp_authorization.php" and the did parameter to "public/code/cp_downloads.php".
Recommendations: For All In One Control Panel (AIOCP) versions 1.3.010 and earlier, consider disabling the magic_quotes_gpc setting to mitigate the risk of SQL injection attacks. As a temporary workaround, restrict access to the shared/code/cp_authorization.php and public/code/cp_downloads.php scripts until a patch is available. Avoid using the xuser_name and did parameters in the affected scripts until the issue is resolved.

Related Identifiers: CVE-2007-0316
Affected Products: All In One Control Panel