PT-2005-2631 · Hosting Controller · Hosting Controller

Published: 2005-05-18 · Updated: 2024-01-25 · CVE-2005-1654

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Hosting Controller versions 6.1 Hotfix 1.9 and earlier

Description

The issue allows remote attackers to register arbitrary users via a direct request to "addsubsite.asp" with the loginname and password parameters set. This enables unauthorized access to the system.

Recommendations

For Hosting Controller versions 6.1 Hotfix 1.9 and earlier, consider restricting access to the "addsubsite.asp" endpoint until a patch is available. As a temporary workaround, avoid using the loginname and password parameters in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
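
To check whether the endpoint has already been reached in the way the description states, the following added example (not part of the original advisory or of Hosting Controller) scans IIS W3C extended logs for requests to addsubsite.asp that carry both loginname and password in the query string. The log layout, the /example/ path and the IP addresses are constructed assumptions; IIS does not log POST bodies, so POSTs to the endpoint are returned separately for manual review.

```python
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended log format (documentation IPs, placeholder path).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-05-20 10:01:12 192.0.2.10 GET /example/addsubsite.asp loginname=test1&password=x 200
2005-05-20 10:01:15 192.0.2.10 GET /example/AddSubSite.asp password=y&loginname=test2 200
2005-05-20 10:02:00 198.51.100.7 GET /example/addsubsite.asp - 302
2005-05-20 10:03:40 203.0.113.5 GET /default.asp loginname=a&password=b 200
2005-05-20 10:04:02 198.51.100.7 POST /example/addsubsite.asp - 200
"""

TARGET = "addsubsite.asp"             # endpoint named in the advisory
REQUIRED = {"loginname", "password"}  # parameters named in the advisory

def scan(log_text):
    """Return (matches, posts): query-string matches and POSTs whose body was not logged."""
    fields, matches, posts = [], [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column layout can change mid-file
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue                    # other directives, blank or malformed lines
        row = dict(zip(fields, parts))
        # IIS paths are case-insensitive, so compare the file name in lower case.
        if row.get("cs-uri-stem", "").lower().rsplit("/", 1)[-1] != TARGET:
            continue
        query = row.get("cs-uri-query", "")
        params = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
        if REQUIRED <= params:
            matches.append(row)
        elif row.get("cs-method") == "POST":
            posts.append(row)           # parameters may be in the unlogged body
    return matches, posts

def matches_by_client(matches):
    """Count matching requests per client IP for triage."""
    return Counter(row["c-ip"] for row in matches)

if __name__ == "__main__":
    found, review = scan(SAMPLE_LOG)
    for ip, count in matches_by_client(found).items():
        print(f"{ip}: {count} request(s) to {TARGET} with loginname and password set")
    print(f"{len(review)} POST(s) to {TARGET} need manual review")
```

Accounts created around the timestamps of any match are the ones to verify against legitimate reseller activity.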

Related Identifiers

CVE-2005-1654

Affected Products

Hosting Controller