CVE-2006-5629

Hosting Controller < 6.1_hotfix_3.2 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.

Exploits (2)

exploitdb WORKING POC VERIFIED

by BugReport.IR · textwebappsasp

https://www.exploit-db.com/exploits/4730

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Soroush Dalili · textwebappsasp

https://www.exploit-db.com/exploits/2662

View Code ZIP pw:eip

References (11)

Core 11

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28973

Exploit, Patch, Vendor Advisory x_refsource_misc

http://www.kapda.ir/advisory-442.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/485028/100/0/threaded

Exploit, Patch vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1017103

Various Sources x_refsource_confirm

http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22607

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/4296

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4730

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/20661

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26862

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39036

Scores

EPSS 0.0145

EPSS Percentile 80.9%

Details

CWE

CWE-89

Status published

Products (18)

hosting_controller/hosting_controller 1.1

hosting_controller/hosting_controller 1.3

hosting_controller/hosting_controller 1.4

hosting_controller/hosting_controller 1.4.1

hosting_controller/hosting_controller 1.4b

hosting_controller/hosting_controller 6.1

hosting_controller/hosting_controller 6.1_hotfix_1.4

hosting_controller/hosting_controller 6.1_hotfix_1.7

hosting_controller/hosting_controller 6.1_hotfix_1.9

hosting_controller/hosting_controller 6.1_hotfix_2.0

... and 8 more

Published Oct 31, 2006

Tracked Since Feb 18, 2026