CVE-2006-5630

Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp.

Published: Oct 31, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-5630
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
hosting_controller / hosting_controller	6.1_hotfix_1.4	6.1_hotfix_1.4.x
hosting_controller / hosting_controller	1.1	1.1.x
hosting_controller / hosting_controller	1.3	1.3.x
hosting_controller / hosting_controller	6.1_hotfix_1.9	6.1_hotfix_1.9.x
hosting_controller / hosting_controller	-	6.1_hotfix_3.2.x
hosting_controller / hosting_controller	6.1_hotfix_2.3	6.1_hotfix_2.3.x
hosting_controller / hosting_controller	2002	2002.x
hosting_controller / hosting_controller	6.1_hotfix_2.4	6.1_hotfix_2.4.x
hosting_controller / hosting_controller	6.1_hotfix_1.7	6.1_hotfix_1.7.x
hosting_controller / hosting_controller	2002_rc_1	2002_rc_1.x
hosting_controller / hosting_controller	1.4b	1.4b.x
hosting_controller / hosting_controller	6.1_hotfix_2.1	6.1_hotfix_2.1.x
hosting_controller / hosting_controller	6.1_hotfix_2.2	6.1_hotfix_2.2.x
hosting_controller / hosting_controller	6.1_hotfix_2.0	6.1_hotfix_2.0.x
hosting_controller / hosting_controller	6.1	6.1.x
hosting_controller / hosting_controller	1.4.1	1.4.1.x
hosting_controller / hosting_controller	6.1_hotfix_3.1	6.1_hotfix_3.1.x
hosting_controller / hosting_controller	1.4	1.4.x

Vulnerability Database

289,871

CVE-2006-5630