CVE-2007-6495
CVE-2007-6495 affects Hosting Controller 6.1 Hot fix 3.3 and earlier. A remote authenticated user can modify Dirroot via AddUser (accounts/AccountActions.asp) to change permissions on web root folders (db, www, Special, log). This can enable remote code execution by making Forum\db executable as ...