Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.5
CVE Id CVE-2007-6495
Last Modified 15 Nov 2008 02:04:49
Published 20 Dec 2007 03:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-6495

Summary

inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db.

Vulnerable Systems

Application

  • Hosting Controller 6.1 Hotfix 3.3


References

BID - 26862

BUGTRAQ - 20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)

MILW0RM - 4730

OSVDB - 44184

SECTRACK - 1019222

SREASON - 3474

SECUNIA - 28973

CONFIRM - http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html


Last Updated: 27 May 2016 10:46:31