CVE-2006-5629

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.

Published: Oct 31, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-5629
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
hosting_controller / hosting_controller	6.1_hotfix_1.4	6.1_hotfix_1.4.x
hosting_controller / hosting_controller	1.1	1.1.x
hosting_controller / hosting_controller	1.3	1.3.x
hosting_controller / hosting_controller	6.1_hotfix_1.9	6.1_hotfix_1.9.x
hosting_controller / hosting_controller	-	6.1_hotfix_3.2.x
hosting_controller / hosting_controller	6.1_hotfix_2.3	6.1_hotfix_2.3.x
hosting_controller / hosting_controller	2002	2002.x
hosting_controller / hosting_controller	6.1_hotfix_2.4	6.1_hotfix_2.4.x
hosting_controller / hosting_controller	6.1_hotfix_1.7	6.1_hotfix_1.7.x
hosting_controller / hosting_controller	2002_rc_1	2002_rc_1.x
hosting_controller / hosting_controller	1.4b	1.4b.x
hosting_controller / hosting_controller	6.1_hotfix_2.1	6.1_hotfix_2.1.x
hosting_controller / hosting_controller	6.1_hotfix_2.2	6.1_hotfix_2.2.x
hosting_controller / hosting_controller	6.1_hotfix_2.0	6.1_hotfix_2.0.x
hosting_controller / hosting_controller	6.1	6.1.x
hosting_controller / hosting_controller	1.4.1	1.4.1.x
hosting_controller / hosting_controller	6.1_hotfix_3.1	6.1_hotfix_3.1.x
hosting_controller / hosting_controller	1.4	1.4.x

Vulnerability Database

289,871

CVE-2006-5629