CVE-2006-5629
CVE-2006-5629
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 2
cve_referencewww.exploit-db.com/exploits/4730não verificadoexploitdbwww.exploit-db.com/exploits/2662não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.htmlhttp://secunia.com/advisories/22607http://secunia.com/advisories/28973http://securitytracker.com/id?1017103https://exchange.xforce.ibmcloud.com/vulnerabilities/39036https://www.exploit-db.com/exploits/4730http://www.kapda.ir/advisory-442.htmlhttp://www.securityfocus.com/archive/1/485028/100/0/threadedhttp://www.securityfocus.com/bid/20661http://www.securityfocus.com/bid/26862http://www.vupen.com/english/advisories/2006/4296