PT-2007-7335 · Hosting Controller · Hosting Controller

Published

2007-12-20

Updated

2018-10-15

CVE-2007-6501

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Hosting Controller versions prior to 6.1 Hot fix 3.3

Description The issue allows remote authenticated users to modify settings by sending a request to the "adminsettings/choosetranstype.asp" endpoint, specifically enabling or disabling the pay type option.

Recommendations For versions prior to 6.1 Hot fix 3.3, update to a version that includes the necessary security fixes to prevent unauthorized modification of settings.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2007-6501

Affected Products

Hosting Controller

PT-2007-7335 · Hosting Controller · Hosting Controller

CVE-2007-6501

Weakness Enumeration

Related Identifiers

Affected Products

References · 9