Hosting Controller 6.1 before Hotfix 3.3 allows remote malicious users to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hosting controller hosting controller 2002_rc_1 |
||
hosting controller hosting controller 6.1 |
||
hosting controller hosting controller 6.1_hotfix_2.4 |
||
hosting controller hosting controller 6.1_hotfix_3.1 |
||
hosting controller hosting controller 1.4 |
||
hosting controller hosting controller 1.4.1 |
||
hosting controller hosting controller 6.1_hotfix_2.0 |
||
hosting controller hosting controller 6.1_hotfix_2.1 |
||
hosting controller hosting controller 1.4b |
||
hosting controller hosting controller 2002 |
||
hosting controller hosting controller 6.1_hotfix_2.2 |
||
hosting controller hosting controller 6.1_hotfix_2.3 |
||
hosting controller hosting controller 1.1 |
||
hosting controller hosting controller 1.3 |
||
hosting controller hosting controller 6.1_hotfix_1.4 |
||
hosting controller hosting controller 6.1_hotfix_1.7 |
||
hosting controller hosting controller 6.1_hotfix_1.9 |
||
hosting controller hosting controller |