CVE-2005-2219
Published 2005-07-12
Priority: P4 · 20 · medium · 4.6 (CVSS 2.0)
AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.92% (77.4th percentile)
Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hosting_controller | hosting_controller | <= 6.1_hotfix_3.3 | — |
| hosting_controller | hosting_controller | — | — |
GHSA
GHSA-g5gm-chcx-fcwf: Hosting Controller 6
ghsa_unreviewed·2022-05-01
CVE-2005-2219 [MEDIUM] GHSA-g5gm-chcx-fcwf: Hosting Controller 6
GHSA
GHSA-c8xf-q675-96cv: Hosting Controller 6
ghsa_unreviewed·2022-05-01·CVSS 4.6
CVE-2007-6497 [MEDIUM] GHSA-c8xf-q675-96cv: Hosting Controller 6
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.
No detection rules found.
No writeups or analysis indexed.