Hosting Controller: >> Hosting Controller >> 6.1_hotfix_2.8 Security Vulnerabilities
Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788.
CVSS Score
6.5
EPSS Score
0.014
Published
2006-06-22
Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS Score
7.8
EPSS Score
0.004
Published
2006-04-13
SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp.
CVSS Score
6.5
EPSS Score
0.011
Published
2006-02-08