PT-2005-2752 · Hosting Controller · Hosting Controller
Publicado
2005-05-27
·
Atualizado
2008-09-05
·
CVE-2005-1784
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Hosting Controller versions 6.1 HotFix 2.0 and earlier
Description
The issue allows remote attackers to steal passwords and gain privileges. This is achieved by modifying the
emailaddress parameter in an updateprofile action for UserProfile.asp.Recommendations
For Hosting Controller versions 6.1 HotFix 2.0 and earlier, consider restricting access to the
updateprofile action in UserProfile.asp to minimize the risk of exploitation. Avoid using the emailaddress parameter in the affected action until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Hosting Controller