FKIE_CVE-2006-5629

Vulnerability from fkie_nvd - Published: 2006-10-31 22:07 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
References
cve@mitre.orghttp://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html
cve@mitre.orghttp://secunia.com/advisories/22607Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28973Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1017103Exploit, Patch
cve@mitre.orghttp://www.kapda.ir/advisory-442.htmlExploit, Patch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/485028/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/20661Exploit, Patch
cve@mitre.orghttp://www.securityfocus.com/bid/26862
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/4296Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/39036
cve@mitre.orghttps://www.exploit-db.com/exploits/4730
af854a3a-2127-422b-91ae-364da2661108http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22607Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28973Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017103Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.kapda.ir/advisory-442.htmlExploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/485028/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/20661Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26862
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4296Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/39036
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/4730
Impacted products
Vendor Product Version
hosting_controller hosting_controller *
hosting_controller hosting_controller 1.1
hosting_controller hosting_controller 1.3
hosting_controller hosting_controller 1.4
hosting_controller hosting_controller 1.4.1
hosting_controller hosting_controller 1.4b
hosting_controller hosting_controller 6.1
hosting_controller hosting_controller 6.1_hotfix_1.4
hosting_controller hosting_controller 6.1_hotfix_1.7
hosting_controller hosting_controller 6.1_hotfix_1.9
hosting_controller hosting_controller 6.1_hotfix_2.0
hosting_controller hosting_controller 6.1_hotfix_2.1
hosting_controller hosting_controller 6.1_hotfix_2.2
hosting_controller hosting_controller 6.1_hotfix_2.3
hosting_controller hosting_controller 6.1_hotfix_2.4
hosting_controller hosting_controller 6.1_hotfix_3.1
hosting_controller hosting_controller 2002
hosting_controller hosting_controller 2002_rc_1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0B34AC-0C2D-4E17-AC72-4BDF1769F54D",
              "versionEndIncluding": "6.1_hotfix_3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94170D21-1196-4BA2-AEB9-C28A4F08B05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3364FE23-345B-428B-BF18-A0AE4D23B03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDE2038-F5C8-49A9-86D6-E94DA2A93016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E9E17B-92A3-434F-B238-8B403BE4F539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:1.4b:*:*:*:*:*:*:*",
              "matchCriteriaId": "1220294A-27FC-4D1C-BFA8-2B7189E04469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD6BB80-8513-4294-8A81-FE8B11FA8BF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8DDFC8A-C341-4137-AF44-F93E814E218B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDE7F42-4372-440E-9E8A-D4B123EB9045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E517F5-FA8C-4099-9D2C-6818A3082881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABC9B48D-8D14-40D1-A444-2EC2661E40A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52010E43-81DA-4E60-8CE9-7E60DC017DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DBFE7C3-7F21-4F63-9EB1-42C33E93B702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BAAEE0D-CDCE-46F2-8FCD-E9C9CD7BB159",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E051F8D0-46E1-4609-9C39-BE2BBD291DBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C2F192C-B59F-4EA7-9399-D1AF7F233058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F80268-2491-4900-ABEB-9DDBC9E54DB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hosting_controller:hosting_controller:2002_rc_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BABF84D-F609-429E-9C77-7C251F23AB31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp.  NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier."
    },
    {
      "lang": "es",
      "value": "Multiples vulnerabilidades de inyecci\u00f3n de SQL en el Hosting Controller 6.1 anterior al Hotfix 3.3 permite a atacantes remotos la ejecuci\u00f3n de comandos SQL a trav\u00e9s del par\u00e1metro ForumID en  el (1) DisableForum.asp y (2) enableForum.asp. NOTE: se report\u00f3 posteriormente que la vulnerabilidad est\u00e1 presente en el Hotfix 6.1  3.3 y anteriores."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product update:\r\nHosting Controller, Hosting Controller, 6.1 Hotfix 3.3",
  "id": "CVE-2006-5629",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-31T22:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22607"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28973"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017103"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.kapda.ir/advisory-442.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/485028/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/20661"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26862"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4296"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39036"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4730"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.kapda.ir/advisory-442.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/485028/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/20661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4730"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.