header-logo
Suggest Exploit
vendor:
Hosting Controller
by:
Luigi Auriemma
8.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Hosting Controller
Affected Version From: Hosting Controller 6.1
Affected Version To: Hosting Controller 6.1
Patch Exists: No
Related CWE: CVE-2005-3118
CPE: a:hosting_controller:hosting_controller:6.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2005

Hosting Controller SQL Injection Vulnerability

Hosting Controller is prone to an SQL injection vulnerability. This issue allows a remote attacker to manipulate query structure and logic. It has been reported that the attacker may gain unauthorized access to sensitive information. Other attacks may be possible depending on the capabilities of the underlying database and the nature of the affected query. One may input this string into the search box on the affected pages: 'or'1'='1'or'1'='1

Mitigation:

No known mitigation
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14258/info

Hosting Controller is prone to an SQL injection vulnerability.

This issue allows a remote attacker to manipulate query structure and logic. It has been reported that the attacker may gain unauthorized access to sensitive information. Other attacks may be possible depending on the capabilities of the underlying database and the nature of the affected query. 

One may input this string into the search box on the affected pages:

'or'1'='1'or'1'='1

Navigation

Suggest Exploit

Services By CQR