CVE-2007-6503

Severity CVSS v4.0:
Pending analysis
Type:
CWE-264 Permissions, Privileges, and Access Control
Publication date:
20/12/2007
Last modified:
09/04/2025

Description

Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:hosting_controller:hosting_controller:*:*:*:*:*:*:*:* 6.1_hotfix_3.3 (including)