|
|
Family: CGI abuses --> Category: infos
Hosting Controller <= 6.1 Hotfix 2.2 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in Hosting Controller <= 6.1 Hotfix 2.2
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains an ASP application that is affected by
multiple vulnerabilities.
Description :
According to its version number, the installation of Hosting
Controller on the remote host improperly allows an authenticated user
to add hosting plans to his account, to edit the details of his own or
anyone else's hosting plans, to view the folders of all resellers and
the web admin, to add domains with unlimited quotas, and to influence
SQL queries via the 'hostcustid' parameter of the 'plandetails.asp'
script.
See also :
http://securitytracker.com/alerts/2005/Jul/1014496.html
http://hostingcontroller.com/english/logs/hotfixlogv61_2_3.html
Solution :
Apply Hotfix 2.3 or later for version 6.1.
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:L/Au:R/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
