Family: CGI abuses --> Category: infos
Hosting Controller < 6.1 Hotfix 2.1 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in Hosting Controller < 6.1 hotfix 2.1
Detailed Explanation for this Vulnerability Test
The remote web server contains an ASP application with multiple flaws.
According to its version number, the version of Hosting Controller on
the remote host suffers from multiple vulnerabilities:
- An authenticated user can modify another user's profile, even an admin's, recover his/her password, and then gain access to the affected application as that user.
- An authenticated user can view, edit, and even delete reseller add-on plans.
- The scripts 'sendpassword.asp' and 'error.asp' are prone to cross-site scripting attacks.
See also :
Upgrade to version 6.1 if necessary and apply Hotfix 2.1.
Low / CVSS Base Score : 3