Lucene search

[email protected]CVE-2006-5629

HistoryOct 31, 2006 - 10:07 p.m.

CVE-2006-5629

2006-10-3122:07:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2006-5629

sql injection

hosting controller 6.1

hotfix 3.3

forumid parameter

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.0%

JSON

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.

Affected configurations

NVD

Node

hosting_controllerhosting_controllerRange≤6.1_hotfix_3.2

hosting_controllerhosting_controllerMatch1.1

hosting_controllerhosting_controllerMatch1.3

hosting_controllerhosting_controllerMatch1.4

hosting_controllerhosting_controllerMatch1.4.1

hosting_controllerhosting_controllerMatch1.4b

hosting_controllerhosting_controllerMatch6.1

hosting_controllerhosting_controllerMatch6.1_hotfix_1.4

hosting_controllerhosting_controllerMatch6.1_hotfix_1.7

hosting_controllerhosting_controllerMatch6.1_hotfix_1.9

hosting_controllerhosting_controllerMatch6.1_hotfix_2.0

hosting_controllerhosting_controllerMatch6.1_hotfix_2.1

hosting_controllerhosting_controllerMatch6.1_hotfix_2.2

hosting_controllerhosting_controllerMatch6.1_hotfix_2.3

hosting_controllerhosting_controllerMatch6.1_hotfix_2.4

hosting_controllerhosting_controllerMatch6.1_hotfix_3.1

hosting_controllerhosting_controllerMatch2002

hosting_controllerhosting_controllerMatch2002_rc_1

CPENameOperatorVersion
hosting_controller:hosting_controllerhosting controllerle6.1_hotfix_3.2
hosting_controller:hosting_controllerhosting controllereq1.1
hosting_controller:hosting_controllerhosting controllereq1.3
hosting_controller:hosting_controllerhosting controllereq1.4
hosting_controller:hosting_controllerhosting controllereq1.4.1
hosting_controller:hosting_controllerhosting controllereq1.4b
hosting_controller:hosting_controllerhosting controllereq6.1
hosting_controller:hosting_controllerhosting controllereq6.1_hotfix_1.4
hosting_controller:hosting_controllerhosting controllereq6.1_hotfix_1.7
hosting_controller:hosting_controllerhosting controllereq6.1_hotfix_1.9

CPE	Name	Operator	Version
hosting_controller:hosting_controller	hosting controller	le	6.1_hotfix_3.2
hosting_controller:hosting_controller	hosting controller	eq	1.1
hosting_controller:hosting_controller	hosting controller	eq	1.3
hosting_controller:hosting_controller	hosting controller	eq	1.4
hosting_controller:hosting_controller	hosting controller	eq	1.4.1
hosting_controller:hosting_controller	hosting controller	eq	1.4b
hosting_controller:hosting_controller	hosting controller	eq	6.1
hosting_controller:hosting_controller	hosting controller	eq	6.1_hotfix_1.4
hosting_controller:hosting_controller	hosting controller	eq	6.1_hotfix_1.7
hosting_controller:hosting_controller	hosting controller	eq	6.1_hotfix_1.9

Rows per page:

1-10 of 181

References

hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html

secunia.com/advisories/22607

secunia.com/advisories/28973

securitytracker.com/id?1017103

www.kapda.ir/advisory-442.html

www.securityfocus.com/archive/1/485028/100/0/threaded

www.securityfocus.com/bid/20661

www.securityfocus.com/bid/26862

www.vupen.com/english/advisories/2006/4296

exchange.xforce.ibmcloud.com/vulnerabilities/39036

www.exploit-db.com/exploits/4730

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.0%

JSON

Related for CVE-2006-5629

nessus1 nvd1 cvelist1