CVE-2005-1784

Hosting Controller <6.1.2.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1784. PoCs published by Soroush Dalili.

AI-analyzed exploit summary: This exploit demonstrates an authentication bypass vulnerability in Hosting Controller 6.1 HotFix 2.0 and older, allowing an authenticated user to modify other users' profiles, including email addresses, which can be leveraged to reset passwords via the 'forgot password' feature.

Description

Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Soroush Dalili · text · webapps · asp
https://www.exploit-db.com/exploits/1015

Classification: Working Poc 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Hosting Controller 6.1 HotFix 2.0 and older
Auth required
Prerequisites: Authenticated access to the Hosting Controller application
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1014062

Scores

EPSS 0.0563
EPSS Percentile 91.9%

Details

Status published
Products (1)
hosting_controller/hosting_controller < 6.1_hotfix_2.0
Published May 27, 2005
Tracked Since Feb 18, 2026