Description
Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Soroush Dalili · textwebappsasp
https://www.exploit-db.com/exploits/1987
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016444
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27340
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18565
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20743
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/26693
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2459
Patch x_refsource_confirm
http://hostingcontroller.com/english/logs/hotfixlogv61_3_2.html
Scores
EPSS
0.0164
EPSS Percentile
82.0%
Details
Status
published
Products (9)
hosting_controller/hosting_controller
6.1
hosting_controller/hosting_controller
6.1_hotfix_1.4
hosting_controller/hosting_controller
6.1_hotfix_1.7
hosting_controller/hosting_controller
6.1_hotfix_1.9
hosting_controller/hosting_controller
6.1_hotfix_2.0
hosting_controller/hosting_controller
6.1_hotfix_2.1
hosting_controller/hosting_controller
6.1_hotfix_2.3
hosting_controller/hosting_controller
6.1_hotfix_2.8
hosting_controller/hosting_controller
6.1_hotfix_2.9
Published
Jun 22, 2006
Tracked Since
Feb 18, 2026