ID CVE-2006-3147
Summary Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788.
References
Vulnerable Configurations
  • cpe:2.3:a:hosting_controller:hosting_controller:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:hosting_controller:hosting_controller:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.4:*:*:*:*:*:*:*
    cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.7:*:*:*:*:*:*:*
    cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.9:*:*:*:*:*:*:*
    cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.0:*:*:*:*:*:*:*
    cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.1:*:*:*:*:*:*:*
    cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.3:*:*:*:*:*:*:*
    cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.8:*:*:*:*:*:*:*
    cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.9:*:*:*:*:*:*:*
    cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.9:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 18565
confirm http://hostingcontroller.com/english/logs/hotfixlogv61_3_2.html
osvdb 26693
sectrack 1016444
secunia 20743
vupen ADV-2006-2459
xf hosting-controller-admin-gain-privileges(27340)
Last major update 20-07-2017 - 01:32
Published 22-06-2006 - 22:06
Last modified 20-07-2017 - 01:32
Back to Top