Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
References
Link | Resource |
---|---|
http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html | |
http://secunia.com/advisories/22607 | Vendor Advisory |
http://secunia.com/advisories/28973 | Vendor Advisory |
http://securitytracker.com/id?1017103 | Exploit Patch |
http://www.kapda.ir/advisory-442.html | Exploit Patch Vendor Advisory |
http://www.securityfocus.com/archive/1/485028/100/0/threaded | |
http://www.securityfocus.com/bid/20661 | Exploit Patch |
http://www.securityfocus.com/bid/26862 | |
http://www.vupen.com/english/advisories/2006/4296 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/39036 | |
https://www.exploit-db.com/exploits/4730 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-10-31 22:07
Updated : 2024-02-28 11:01
NVD link : CVE-2006-5629
Mitre link : CVE-2006-5629
CVE.ORG link : CVE-2006-5629
JSON object : View
Products Affected
hosting_controller
- hosting_controller
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')