Lucene search

[email protected]CVE-2007-6494

HistoryDec 20, 2007 - 8:46 p.m.

CVE-2007-6494

2007-12-2020:46:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2007-6494

hosting controller

remote attack

6.8 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.4%

JSON

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.

CPENameOperatorVersion
hosting_controller:hosting_controllerhosting controllereq6.1_hotfix_3.3

CPE	Name	Operator	Version
hosting_controller:hosting_controller	hosting controller	eq	6.1_hotfix_3.3

References

osvdb.org/44186

securityreason.com/securityalert/3474

securitytracker.com/id?1019222

www.securityfocus.com/archive/1/485028/100/0/threaded

www.securityfocus.com/bid/26862

exchange.xforce.ibmcloud.com/vulnerabilities/39038

www.exploit-db.com/exploits/4730

6.8 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.4%

JSON

Related for CVE-2007-6494

nessus1 cvelist1 prion1