CVE-2006-5629

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hosting_controller:hosting_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:1.1:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:1.3:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:1.4:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:1.4b:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.4:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.7:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.9:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.0:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.1:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.2:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.3:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.4:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_3.1:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:2002:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:2002_rc_1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:19

Type Values Removed Values Added
References () http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html - () http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html -
References () http://secunia.com/advisories/22607 - Vendor Advisory () http://secunia.com/advisories/22607 - Vendor Advisory
References () http://secunia.com/advisories/28973 - Vendor Advisory () http://secunia.com/advisories/28973 - Vendor Advisory
References () http://securitytracker.com/id?1017103 - Exploit, Patch () http://securitytracker.com/id?1017103 - Exploit, Patch
References () http://www.kapda.ir/advisory-442.html - Exploit, Patch, Vendor Advisory () http://www.kapda.ir/advisory-442.html - Exploit, Patch, Vendor Advisory
References () http://www.securityfocus.com/archive/1/485028/100/0/threaded - () http://www.securityfocus.com/archive/1/485028/100/0/threaded -
References () http://www.securityfocus.com/bid/20661 - Exploit, Patch () http://www.securityfocus.com/bid/20661 - Exploit, Patch
References () http://www.securityfocus.com/bid/26862 - () http://www.securityfocus.com/bid/26862 -
References () http://www.vupen.com/english/advisories/2006/4296 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/4296 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/39036 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/39036 -
References () https://www.exploit-db.com/exploits/4730 - () https://www.exploit-db.com/exploits/4730 -

Information

Published : 2006-10-31 22:07

Updated : 2024-11-21 00:19


NVD link : CVE-2006-5629

Mitre link : CVE-2006-5629

CVE.ORG link : CVE-2006-5629


JSON object : View

Products Affected

hosting_controller

  • hosting_controller
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')