Vulnerability Description
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hosting Controller | Hosting Controller | 6.1_hotfix_3.3 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/3474
- http://securitytracker.com/id?1019222
- http://www.securityfocus.com/archive/1/485028/100/0/threaded
- http://www.securityfocus.com/bid/26862
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39036
- https://www.exploit-db.com/exploits/4730
- http://securityreason.com/securityalert/3474
- http://securitytracker.com/id?1019222
- http://www.securityfocus.com/archive/1/485028/100/0/threaded
- http://www.securityfocus.com/bid/26862
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39036
- https://www.exploit-db.com/exploits/4730
FAQ
What is CVE-2007-6498?
CVE-2007-6498 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname paramete...
How severe is CVE-2007-6498?
CVE-2007-6498 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6498?
Check the references section above for vendor advisories and patch information. Affected products include: Hosting Controller Hosting Controller.