CVE-2006-5630

2006-10-3122:00:00

mitre

www.cve.org

AI Score

6.7

Confidence

High

EPSS

0.009

Percentile

82.4%

JSON

Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp.

References

secunia.com/advisories/22607

securityreason.com/securityalert/1804

securitytracker.com/id?1017103

www.kapda.ir/advisory-442.html

www.securityfocus.com/archive/1/449937/100/0/threaded

www.vupen.com/english/advisories/2006/4296