CVE-2006-0581

high

Description

SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24537

http://www.vupen.com/english/advisories/2006/0460

http://www.osvdb.org/22983

http://www.osvdb.org/22982

http://secunia.com/advisories/18731

Details

Source: Mitre, NVD

Published: 2006-02-08

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01118