CVE-2006-3147

Hosting Controller <6.1 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3147. PoCs published by Soroush Dalili.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Hosting Controller 6.1 Hotfix <= 3.1, allowing an attacker to escalate privileges to reseller and then admin by manipulating form submissions to addreseller.asp and Check_Password.asp.

Description

Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Soroush Dalili · textwebappsasp
https://www.exploit-db.com/exploits/1987

This exploit demonstrates an authentication bypass vulnerability in Hosting Controller 6.1 Hotfix <= 3.1, allowing an attacker to escalate privileges to reseller and then admin by manipulating form submissions to addreseller.asp and Check_Password.asp.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Hosting Controller 6.1 Hotfix <= 3.1
No auth needed
Prerequisites: Access to the vulnerable web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016444
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27340
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18565
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20743
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26693
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2459

Scores

EPSS 0.0262
EPSS Percentile 83.5%

Details

Status published
Products (9)
hosting_controller/hosting_controller 6.1
hosting_controller/hosting_controller 6.1_hotfix_1.4
hosting_controller/hosting_controller 6.1_hotfix_1.7
hosting_controller/hosting_controller 6.1_hotfix_1.9
hosting_controller/hosting_controller 6.1_hotfix_2.0
hosting_controller/hosting_controller 6.1_hotfix_2.1
hosting_controller/hosting_controller 6.1_hotfix_2.3
hosting_controller/hosting_controller 6.1_hotfix_2.8
hosting_controller/hosting_controller 6.1_hotfix_2.9
Published Jun 22, 2006
Tracked Since Feb 18, 2026