CVE-2006-1620

Hosting Controller < 6.1_hotfix_3.3 - Unauthenticated Password Modification via AccountActions.asp

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1620. PoCs published by BugReport.IR.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Hosting Controller 6.1 Hot fix <= 3.3, including authentication bypass, privilege escalation, and arbitrary file upload leading to remote code execution. It provides detailed steps and HTML/JS PoC code for exploiting these flaws.

Description

admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.

Exploits (1)

exploitdb WORKING POC VERIFIED
by BugReport.IR · textwebappsasp
https://www.exploit-db.com/exploits/4730

The exploit demonstrates multiple vulnerabilities in Hosting Controller 6.1 Hot fix <= 3.3, including authentication bypass, privilege escalation, and arbitrary file upload leading to remote code execution. It provides detailed steps and HTML/JS PoC code for exploiting these flaws.

Classification
Working Poc 95%
Attack Type
Rce | Auth Bypass | Sqli | Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Hosting Controller 6.1 Hot fix <= 3.3
No auth needed
Prerequisites: Access to the target Hosting Controller web interface
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28973
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485028/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/429731/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4730
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26862
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24773
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25673
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39038

Scores

EPSS 0.0219
EPSS Percentile 80.3%

Details

Status published
Products (2)
hosting_controller/hosting_controller 2002_rc_1
hosting_controller/hosting_controller < 6.1_hotfix_3.3
Published Apr 05, 2006
Tracked Since Feb 18, 2026