Hosting Controller <= 6.1 Hotfix 2.2 Multiple Vulnerabilities

Medium severity, Nessus Plugin ID 19255

Synopsis

The remote web server contains an ASP application that is affected by multiple vulnerabilities.

Description

According to its version number, the installation of Hosting Controller on the remote host improperly allows an authenticated user to add hosting plans to his account, to edit the details of his own or anyone else's hosting plans, to view the folders of all resellers and the web admin, to add domains with unlimited quotas, and to influence SQL queries via the 'hostcustid' parameter of the 'plandetails.asp' script.

Solution

Apply Hotfix 2.3 or later for version 6.1.

See Also

http://securitytracker.com/alerts/2005/Jul/1014496.html

https://hostingcontroller.com/english/logs/hotfixlogv61_2_3.html

Plugin Details

Severity: Medium

ID: 19255

File Name: hosting_controller_61_22.nasl

Version: 1.17

Type: local

Family: CGI abuses

Published: 7/21/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/16/2005

Reference Information

BID: 14302, 14393