Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
Software | From | Fixed in |
---|---|---|
hostingcontroller / hosting_controller | - | 6.1 |
hostingcontroller / hosting_controller | 6.1 | 6.1.x |
hostingcontroller / hosting_controller | 6.1-hotfix1.0 | 6.1-hotfix1.0.x |
hostingcontroller / hosting_controller | 6.1-hotfix1.1 | 6.1-hotfix1.1.x |
hostingcontroller / hosting_controller | 6.1-hotfix1.2 | 6.1-hotfix1.2.x |
hostingcontroller / hosting_controller | 6.1-hotfix1.3 | 6.1-hotfix1.3.x |
hostingcontroller / hosting_controller | 6.1-hotfix1.4 | 6.1-hotfix1.4.x |
hostingcontroller / hosting_controller | 6.1-hotfix1.5 | 6.1-hotfix1.5.x |
hostingcontroller / hosting_controller | 6.1-hotfix1.6 | 6.1-hotfix1.6.x |
hostingcontroller / hosting_controller | 6.1-hotfix1.7 | 6.1-hotfix1.7.x |
hostingcontroller / hosting_controller | 6.1-hotfix1.8 | 6.1-hotfix1.8.x |
hostingcontroller / hosting_controller | 6.1-hotfix1.9 | 6.1-hotfix1.9.x |