CVE-2007-6503

Name of the Vulnerable Software and Affected Versions Hosting Controller versions prior to 6.1 Hot fix 3.3

Description The issue allows remote authenticated users to import or change arbitrary plans. This can be achieved by sending a request to "hosting/importhostingplans.asp" to import a plan or to "hosting/AutoSignUpPlans.asp" with specific parameters, including save, 30, and d 30, to change a plan.

Recommendations For versions prior to 6.1 Hot fix 3.3, update to a version later than 6.1 Hot fix 3.3 to resolve the issue. As a temporary workaround, consider restricting access to the "hosting/importhostingplans.asp" and "hosting/AutoSignUpPlans.asp" endpoints to minimize the risk of exploitation. Additionally, avoid using the save, 30, and d 30 parameters in the "hosting/AutoSignUpPlans.asp" endpoint until the issue is resolved.