CVE-2006-5629
Published 2006-10-31
CVE-2006-5629: Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID…
Priority: P343 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.96% (85.5th percentile)
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hosting_controller | hosting_controller | <= 6.1_hotfix_3.2 | — |
VulDB
Hosting Controller up to 6.1 disableforum.asp ForumID sql injection (EDB-4730 / Nessus ID 22902)
vuldb·2026-04-26·CVSS 7.5
CVE-2006-5629 [HIGH] Hosting Controller up to 6.1 disableforum.asp ForumID sql injection (EDB-4730 / Nessus ID 22902)
A vulnerability labeled as critical has been found in Hosting Controller up to 6.1. The affected element is an unknown function of the file disableforum.asp. Manipulation of the ForumID argument leads to SQL injection.
This vulnerability is referenced as CVE-2006-5629. It is possible to launch the attack remotely. Furthermore, an exploit is available.
A patch should be applied to remediate this issue.
GHSA
GHSA-jp4w-24h8-h868: Multiple SQL injection vulnerabilities in Hosting Controller 6
ghsa_unreviewed·2022-05-01
CVE-2006-5629 [HIGH] CWE-89 GHSA-jp4w-24h8-h868: Multiple SQL injection vulnerabilities in Hosting Controller 6
References
http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html
http://secunia.com/advisories/22607
http://secunia.com/advisories/28973
http://securitytracker.com/id?1017103
http://www.kapda.ir/advisory-442.html
http://www.securityfocus.com/archive/1/485028/100/0/threaded
http://www.securityfocus.com/bid/20661
http://www.securityfocus.com/bid/26862
http://www.vupen.com/english/advisories/2006/4296
https://exchange.xforce.ibmcloud.com/vulnerabilities/39036
https://www.exploit-db.com/exploits/4730