CVE-2005-1654
Hosting Controller <6.1.9 - RCE
Title source: llmDescription
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Silentium · cremotewindows
https://www.exploit-db.com/exploits/987
Scores
EPSS
0.0212
EPSS Percentile
83.9%
Classification
CWE
CWE-425
Status
draft
Affected Products (12)
hostingcontroller/hosting_controller
< 6.1
hostingcontroller/hosting_controller
hostingcontroller/hosting_controller
hostingcontroller/hosting_controller
hostingcontroller/hosting_controller
hostingcontroller/hosting_controller
hostingcontroller/hosting_controller
hostingcontroller/hosting_controller
hostingcontroller/hosting_controller
hostingcontroller/hosting_controller
hostingcontroller/hosting_controller
hostingcontroller/hosting_controller
Timeline
Published
May 18, 2005
Tracked Since
Feb 18, 2026