CVE-2005-1654 | SynScan

Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2005-1654

Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.

Published: May 18, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-1654
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-425

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
hostingcontroller / hosting_controller	-	6.1
hostingcontroller / hosting_controller	6.1-hotfix1.9	6.1-hotfix1.9.x
hostingcontroller / hosting_controller	6.1	6.1.x
hostingcontroller / hosting_controller	6.1-hotfix1.0	6.1-hotfix1.0.x
hostingcontroller / hosting_controller	6.1-hotfix1.1	6.1-hotfix1.1.x
hostingcontroller / hosting_controller	6.1-hotfix1.2	6.1-hotfix1.2.x
hostingcontroller / hosting_controller	6.1-hotfix1.3	6.1-hotfix1.3.x
hostingcontroller / hosting_controller	6.1-hotfix1.4	6.1-hotfix1.4.x
hostingcontroller / hosting_controller	6.1-hotfix1.5	6.1-hotfix1.5.x
hostingcontroller / hosting_controller	6.1-hotfix1.6	6.1-hotfix1.6.x
hostingcontroller / hosting_controller	6.1-hotfix1.7	6.1-hotfix1.7.x
hostingcontroller / hosting_controller	6.1-hotfix1.8	6.1-hotfix1.8.x