Lucene search

[email protected]CVE-2007-6503

HistoryDec 20, 2007 - 8:46 p.m.

CVE-2007-6503

2007-12-2020:46:00

CWE-264

[email protected]

web.nvd.nist.gov

hosting controller

vulnerabilities

remote authentication

import

change

arbitrary plans

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

JSON

Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and © d_30 parameters.

Affected configurations

NVD

Node

hosting_controllerhosting_controllerRange≤6.1_hotfix_3.3

CPENameOperatorVersion
hosting_controller:hosting_controllerhosting controllerle6.1_hotfix_3.3

CPE	Name	Operator	Version
hosting_controller:hosting_controller	hosting controller	le	6.1_hotfix_3.3

References

hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html

secunia.com/advisories/28973

securitytracker.com/id?1019222

www.securityfocus.com/archive/1/485028/100/0/threaded

www.securityfocus.com/bid/26862

exchange.xforce.ibmcloud.com/vulnerabilities/39038

www.exploit-db.com/exploits/4730

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

JSON

Related for CVE-2007-6503

prion1 nvd1 cvelist1