Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Hosting_controller | Hosting_controller | * | 6.1_hotfix_2.9 (including) |
| Hosting_controller | Hosting_controller | 1.1 (including) | 1.1 (including) |
| Hosting_controller | Hosting_controller | 1.3 (including) | 1.3 (including) |
| Hosting_controller | Hosting_controller | 1.4 (including) | 1.4 (including) |
| Hosting_controller | Hosting_controller | 1.4.1 (including) | 1.4.1 (including) |
| Hosting_controller | Hosting_controller | 1.4b (including) | 1.4b (including) |
| Hosting_controller | Hosting_controller | 6.1 (including) | 6.1 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_1.4 (including) | 6.1_hotfix_1.4 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_1.7 (including) | 6.1_hotfix_1.7 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_1.9 (including) | 6.1_hotfix_1.9 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_2.0 (including) | 6.1_hotfix_2.0 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_2.1 (including) | 6.1_hotfix_2.1 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_2.3 (including) | 6.1_hotfix_2.3 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_2.8 (including) | 6.1_hotfix_2.8 (including) |
| Hosting_controller | Hosting_controller | 2002 (including) | 2002 (including) |
| Hosting_controller | Hosting_controller | 2002_rc_1 (including) | 2002_rc_1 (including) |