CVE Vulnerability

CVE-2007-6498

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.securityfocus.com/bid/26862
http://securitytracker.com/id?1019222
http://securityreason.com/securityalert/3474
https://exchange.xforce.ibmcloud.com/vulnerabilities/39036
https://www.exploit-db.com/exploits/4730
http://www.securityfocus.com/archive/1/485028/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_3.3:*:*:*:*:*:*:*
Information

Published : 2007-12-20 08:46

Updated : 2018-10-15 09:54

NVD link : CVE-2007-6498

Mitre link : CVE-2007-6498

Products Affected
No products.
CWE
CWE-89