PT-2006-2619 · Hosting Controller · Hosting Controller

Published

2006-04-05

Updated

2018-10-18

CVE-2006-1621

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Hosting Controller version 2002 RC 1

Description: A directory traversal issue exists, allowing remote authenticated users to overwrite arbitrary files by providing an absolute path in the OpenPath parameter in the admin/folders/saveuploadfiles.asp file.

Recommendations: For Hosting Controller version 2002 RC 1, restrict access to the saveuploadfiles.asp file in the admin/folders directory to prevent exploitation, and avoid using absolute paths in the OpenPath parameter until a fix is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1621

Affected Products

Hosting Controller

PT-2006-2619 · Hosting Controller · Hosting Controller

CVE-2006-1621

Related Identifiers

Affected Products

References · 4