QwikSec

Security Database

CVE

CWE

Training

CVE-2007-6503

Published: Dec 20, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)

mailing-list

x_refsource_BUGTRAQ

http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

hostingcontroller-multiple-security-bypass(39038)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.