CVE-2007-6495

Name of the Vulnerable Software and Affected Versions Hosting Controller versions prior to 6.1 Hot fix 3.3

Description The issue allows remote authenticated users to change the permissions of specific directories at arbitrary locations under the web root. This is achieved by modifying the Dirroot parameter in an AddUser action to "accounts/AccountActions.asp". The affected directories include db, www, Special, and log. This issue can be leveraged for remote code execution by changing the permissions of "Forumdb", which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to "Forumdb".

Recommendations For Hosting Controller versions prior to 6.1 Hot fix 3.3, consider restricting access to the "inc newuser.asp" file and the "AddUser" action in "accounts/AccountActions.asp" to prevent unauthorized changes to directory permissions. As a temporary workaround, restrict write access to sensitive directories such as "Forumdb" to minimize the risk of exploitation.