Vulnerability Description
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hosting Controller | Hosting Controller | <= 6.1_hotfix_3.2 |
Related Weaknesses (CWE)
References
- http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes
- http://secunia.com/advisories/22607Vendor Advisory
- http://secunia.com/advisories/28973Vendor Advisory
- http://securitytracker.com/id?1017103ExploitPatch
- http://www.kapda.ir/advisory-442.htmlExploitPatchVendor Advisory
- http://www.securityfocus.com/archive/1/485028/100/0/threaded
- http://www.securityfocus.com/bid/20661ExploitPatch
- http://www.securityfocus.com/bid/26862
- http://www.vupen.com/english/advisories/2006/4296Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39036
- https://www.exploit-db.com/exploits/4730
- http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes
- http://secunia.com/advisories/22607Vendor Advisory
- http://secunia.com/advisories/28973Vendor Advisory
- http://securitytracker.com/id?1017103ExploitPatch
FAQ
What is CVE-2006-5629?
CVE-2006-5629 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) en...
How severe is CVE-2006-5629?
CVE-2006-5629 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5629?
Check the references section above for vendor advisories and patch information. Affected products include: Hosting Controller Hosting Controller.