CVE-2005-1788
published 2005-06-01
Priority P3 · 38 · high · CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.08% (79.2th percentile)
SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hosting_controller | hosting_controller | — | — |
| hosting_controller | hosting_controller | — | — |
| hosting_controller | hosting_controller | — | — |
| hosting_controller | hosting_controller | — | — |
| hosting_controller | hosting_controller | — | — |
| hosting_controller | hosting_controller | — | — |
| hosting_controller | hosting_controller | — | — |
| hosting_controller | hosting_controller | — | — |
| hosting_controller | hosting_controller | — | — |
GHSA
GHSA-8v7g-v8r8-6rff: SQL injection vulnerability in resellerresources
ghsa_unreviewed·2022-05-01
CVE-2005-1788 [HIGH] GHSA-8v7g-v8r8-6rff: SQL injection vulnerability in resellerresources
SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter.
GHSA
GHSA-fxrc-xxvp-87xr: Unspecified vulnerability in Hosting Controller before 6
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-3147 [HIGH] GHSA-fxrc-xxvp-87xr: Unspecified vulnerability in Hosting Controller before 6
Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788.
No detection rules found.
Exploit-DB
Hosting Controller 6.1 - 'plandetails.asp' Information Disclosure
exploitdb·2005-05-28
CVE-2005-1788 Hosting Controller 6.1 - 'plandetails.asp' Information Disclosure
---
source: https://www.securityfocus.com/bid/13806/info
Hosting Controller is reported prone to multiple vulnerabilities. These issues can allow an attacker to gain unauthorized access to data and carry out SQL injection attacks.
These issues reportedly affect Hosting Controller 6.1 HotFix 2.0 and prior versions.
http://www.example.com/admin/hosting/plandetails.asp?hostcustid=[PlanID]
Exploit-DB
Hosting Controller 6.1 - 'resellerresources.asp?jresourceid' SQL Injection
exploitdb·2005-05-28
CVE-2005-1788 Hosting Controller 6.1 - 'resellerresources.asp?jresourceid' SQL Injection
---
source: https://www.securityfocus.com/bid/13806/info
Hosting Controller is reported prone to multiple vulnerabilities. These issues can allow an attacker to gain unauthorized access to data and carry out SQL injection attacks.
These issues reportedly affect Hosting Controller 6.1 HotFix 2.0 and prior versions.
http://www.example.com/admin/hosting/resellerresources.asp?action=2&jresourceid=1%20or%201=1
No writeups or analysis indexed.
Published: 2005-06-01