CVE-2005-2219

Hosting Controller 6.1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2219. PoCs published by Soroush Dalili.

AI-analyzed exploit summary This exploit demonstrates an authenticated credit manipulation vulnerability in Hosting Controller 6.1 HotFix 2.1 and older. By submitting a crafted POST request to AccountActions.asp, an authenticated user can arbitrarily modify their credit limit and discount values.

Description

Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Soroush Dalili · textremotewindows

https://www.exploit-db.com/exploits/1096

View Code ZIP pw:eip

This exploit demonstrates an authenticated credit manipulation vulnerability in Hosting Controller 6.1 HotFix 2.1 and older. By submitting a crafted POST request to AccountActions.asp, an authenticated user can arbitrarily modify their credit limit and discount values.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Hosting Controller 6.1 HotFix 2.1 and older

Auth required

Prerequisites: Authenticated user access to the Hosting Controller admin panel

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1014443

Scores

EPSS 0.0192

EPSS Percentile 77.3%

Details

Status published

Products (1)

hosting_controller/hosting_controller 6.1_hotfix_2.1

Published Jul 12, 2005

Tracked Since Feb 18, 2026