Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Hosting_controller | Hosting_controller | * | 6.1_hotfix_3.2 (including) |
| Hosting_controller | Hosting_controller | 1.1 (including) | 1.1 (including) |
| Hosting_controller | Hosting_controller | 1.3 (including) | 1.3 (including) |
| Hosting_controller | Hosting_controller | 1.4 (including) | 1.4 (including) |
| Hosting_controller | Hosting_controller | 1.4.1 (including) | 1.4.1 (including) |
| Hosting_controller | Hosting_controller | 1.4b (including) | 1.4b (including) |
| Hosting_controller | Hosting_controller | 6.1 (including) | 6.1 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_1.4 (including) | 6.1_hotfix_1.4 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_1.7 (including) | 6.1_hotfix_1.7 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_1.9 (including) | 6.1_hotfix_1.9 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_2.0 (including) | 6.1_hotfix_2.0 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_2.1 (including) | 6.1_hotfix_2.1 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_2.2 (including) | 6.1_hotfix_2.2 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_2.3 (including) | 6.1_hotfix_2.3 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_2.4 (including) | 6.1_hotfix_2.4 (including) |
| Hosting_controller | Hosting_controller | 6.1_hotfix_3.1 (including) | 6.1_hotfix_3.1 (including) |
| Hosting_controller | Hosting_controller | 2002 (including) | 2002 (including) |
| Hosting_controller | Hosting_controller | 2002_rc_1 (including) | 2002_rc_1 (including) |