Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2007-6498
Last Modified 05 Sep 2008 05:33:23
Published 20 Dec 2007 03:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6498

Summary

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.

Vulnerable Systems

Application

  • Hosting Controller 6.1 Hotfix 3.3


References

XF - hostingcontroller-multiple-sql-injection(39036)

BID - 26862

BUGTRAQ - 20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)

MILW0RM - 4730

SECTRACK - 1019222

SREASON - 3474


Last Updated: 27 May 2016 10:46:31