CVE-2007-6495
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
20/12/2007
Last modified:
09/04/2025
Description
inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db.
Impact
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_3.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html
- http://osvdb.org/44184
- http://secunia.com/advisories/28973
- http://securityreason.com/securityalert/3474
- http://securitytracker.com/id?1019222=
- http://www.securityfocus.com/archive/1/485028/100/0/threaded
- http://www.securityfocus.com/bid/26862
- https://www.exploit-db.com/exploits/4730
- http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html
- http://osvdb.org/44184
- http://secunia.com/advisories/28973
- http://securityreason.com/securityalert/3474
- http://securitytracker.com/id?1019222=
- http://www.securityfocus.com/archive/1/485028/100/0/threaded
- http://www.securityfocus.com/bid/26862
- https://www.exploit-db.com/exploits/4730