SECUNIA ADVISORY ID: SA23740
VERIFY ADVISORY: http://secunia.com/advisories/23740/
CRITICAL: Moderately critical
IMPACT: Manipulation of data
SOFTWARE: All In One Control Panel 1.x - http://secunia.com/product/12505/
DESCRIPTION: Coloss has discovered some vulnerabilities in All In One Control Panel (AIOCP), which can be exploited by malicious people to conduct SQL injection attacks.
1) Input passed to the "xuser_name" parameter when logging in is not properly sanitised before being used in a SQL query within shared/code/cp_authorization.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows access to the administration section but requires that "magic_quotes_gpc" is disabled.
2) Input passed to the "did" parameter in public/code/cp_downloads.php is not properly sanitised before being used in a SQL query within shared/code/cp_functions_downloads.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled.
The vulnerabilities are reported in version 1.3.009 and confirmed in version 1.3.010. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
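A constructed PHP illustration of the two findings above and of the suggested fix, added here and not taken from AIOCP's source: the table names, column names and mysqli connection are assumed, only the parameter names "xuser_name" and "did" come from the advisory.

```php
<?php
// Added illustration, not AIOCP's own code. Table/column names are assumed.

function lookup_user_unsafe(mysqli $db, string $xuser_name): ?array
{
    // The shape the advisory describes: the request value is concatenated
    // into the SQL text, so a quote character in it alters the query.
    // Only magic_quotes_gpc (when enabled) happened to blunt this, which is
    // why exploitation requires it to be disabled.
    $sql = "SELECT user_id, user_name FROM cp_users WHERE user_name = '$xuser_name'";
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

function lookup_user_safe(mysqli $db, string $xuser_name): ?array
{
    // Hardened form: a prepared statement binds the value separately from
    // the SQL text, so it is always treated as data, independent of
    // magic_quotes_gpc. (get_result() requires the mysqlnd driver.)
    $stmt = $db->prepare("SELECT user_id, user_name FROM cp_users WHERE user_name = ?");
    $stmt->bind_param('s', $xuser_name);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

function lookup_download_safe(mysqli $db, string $did): ?array
{
    // "did" is a numeric identifier: reject anything that is not digits
    // before it reaches SQL, then bind it as an integer.
    if (!ctype_digit($did)) {
        return null;
    }
    $stmt = $db->prepare("SELECT download_id, file_name FROM cp_downloads WHERE download_id = ?");
    $id = (int) $did;
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Usage (assumed connection details):
// $db = new mysqli('localhost', 'user', 'pass', 'aiocp');
// $user = lookup_user_safe($db, $_POST['xuser_name'] ?? '');
// $file = lookup_download_safe($db, $_GET['did'] ?? '');
```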
PROVIDED AND/OR DISCOVERED BY: Coloss
All In One Control Panel (AIOCP) SQL Injection Vulnerabilities
Posted on Monday, January 15, 2007 @ 06:45:03 CST in Security