CVE-2006-5629
published 2006-10-31

Priority: P3 (43), high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.96% (85.5th percentile)

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.

Affected

18 ranges
Vendor | Product | Version range | Fixed in
hosting_controller | hosting_controller | <= 6.1_hotfix_3.2 |
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller
hosting_controller | hosting_controller