CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
82.4%
Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp.
Vendor | Product | Version | CPE |
---|---|---|---|
hosting_controller | hosting_controller | * | cpe:2.3:a:hosting_controller:hosting_controller:*:*:*:*:*:*:*:* |
hosting_controller | hosting_controller | 1.1 | cpe:2.3:a:hosting_controller:hosting_controller:1.1:*:*:*:*:*:*:* |
hosting_controller | hosting_controller | 1.3 | cpe:2.3:a:hosting_controller:hosting_controller:1.3:*:*:*:*:*:*:* |
hosting_controller | hosting_controller | 1.4 | cpe:2.3:a:hosting_controller:hosting_controller:1.4:*:*:*:*:*:*:* |
hosting_controller | hosting_controller | 1.4.1 | cpe:2.3:a:hosting_controller:hosting_controller:1.4.1:*:*:*:*:*:*:* |
hosting_controller | hosting_controller | 1.4b | cpe:2.3:a:hosting_controller:hosting_controller:1.4b:*:*:*:*:*:*:* |
hosting_controller | hosting_controller | 6.1 | cpe:2.3:a:hosting_controller:hosting_controller:6.1:*:*:*:*:*:*:* |
hosting_controller | hosting_controller | 6.1_hotfix_1.4 | cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.4:*:*:*:*:*:*:* |
hosting_controller | hosting_controller | 6.1_hotfix_1.7 | cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.7:*:*:*:*:*:*:* |
hosting_controller | hosting_controller | 6.1_hotfix_1.9 | cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.9:*:*:*:*:*:*:* |