CVE-2006-5629

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hosting_controller:hosting_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:1.1:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:1.3:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:1.4:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:1.4b:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.4:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.7:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.9:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.0:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.1:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.2:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.3:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.4:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_3.1:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:2002:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:2002_rc_1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-10-31 22:07

Updated : 2024-02-28 11:01


NVD link : CVE-2006-5629

Mitre link : CVE-2006-5629

CVE.ORG link : CVE-2006-5629


JSON object : View

Products Affected

hosting_controller

  • hosting_controller
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')