CVE-2006-6814

Hosting Controller 7c - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6814. PoCs published by KAPDA.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in Hosting Controller 7C, allowing attackers to access arbitrary files by manipulating the 'BrowsePath' parameter. The provided URL demonstrates traversal to 'program files' via path manipulation.

Description

Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by KAPDA · textwebappsasp
https://www.exploit-db.com/exploits/29357

The exploit describes a directory traversal vulnerability in Hosting Controller 7C, allowing attackers to access arbitrary files by manipulating the 'BrowsePath' parameter. The provided URL demonstrates traversal to 'program files' via path manipulation.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Hosting Controller 7C
No auth needed
Prerequisites: Network access to the vulnerable application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0023
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017447
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21786
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23585
Exploit, Vendor Advisory x_refsource_misc
http://www.kapda.ir/advisory-458.html

Scores

EPSS 0.0194
EPSS Percentile 77.7%

Details

Status published
Products (1)
hosting_controller/hosting_controller 7c
Published Dec 29, 2006
Tracked Since Feb 18, 2026