History: Dec 20, 2007 - 8:46 p.m.

CVE-2007-6497

2007-12-20 20:46:00
CWE-264
web.nvd.nist.gov
21
cve-2007-6497
hosting controller
remote attackers
user profiles
discounts
security vulnerability

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 6.5 Medium (Confidence: Low)

EPSS: 0.013 Low (Percentile: 86.1%)

Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.

Affected configurations

NVD
Node: hosting_controller hosting_controller, Range: 6.1_hotfix_3.3
