VID |
210004 |
Severity |
30 |
Port |
8077, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
Hosting Controller is vulnerable to SQL injection via the 'ForumID' parameter. Hosting Controller is a Web hosting automation tool for Microsoft Windows platforms. Hosting Controller 6.1 Hotfix versions 3.2 and earlier are vulnerable to SQL injection caused by improper filtering of user-supplied input passed to the 'tag' parameter of the EnableForum.asp and DisableForum.asp scripts. A remote attacker could pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, data modification, or attacks against the database itself.
* References:
  * http://www.kapda.ir/advisory-442.html
  * http://securitytracker.com/alerts/2006/Oct/1017103.html
* Platforms Affected:
  * HostingController.com, Hosting Controller 6.1 Hotfix versions 3.2 and earlier
  * Microsoft Windows Any version |
Recommendation |
Upgrade to the latest version of Hosting Controller (6.1 Hotfix 3.3 or later), available from the Hosting Controller Web site at http://hostingcontroller.com/english/ |
Related URL |
CVE-2006-5629 (CVE) |
Related URL |
20661 (SecurityFocus) |
Related URL |
29886 (ISS) |
|