CVE-2007-6497
CVE-2007-6497
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
cve_referencewww.exploit-db.com/exploits/4730no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.htmlhttp://secunia.com/advisories/28973http://securityreason.com/securityalert/3474http://securitytracker.com/id?1019222https://www.exploit-db.com/exploits/4730http://www.securityfocus.com/archive/1/485028/100/0/threadedhttp://www.securityfocus.com/bid/26862