CVE Vulnerabilities

CVE-2007-6495

Published: Dec 20, 2007 | Modified: Oct 15, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of Forumdb, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to Forumdb.

Affected Software

Name Vendor Start Version End Version
Hosting_controller Hosting_controller 6.1_hotfix_3.3 (including) 6.1_hotfix_3.3 (including)

References