Vulnerability Details : CVE-2005-1654
Potential exploit
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
Products affected by CVE-2005-1654
- cpe:2.3:a:hostingcontroller:hosting_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.0:*:*:*:*:*:*
- cpe:2.3:a:hostingcontroller:hosting_controller:6.1:-:*:*:*:*:*:*
- cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.1:*:*:*:*:*:*
- cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.4:*:*:*:*:*:*
- cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.3:*:*:*:*:*:*
- cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.5:*:*:*:*:*:*
- cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.8:*:*:*:*:*:*
- cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.7:*:*:*:*:*:*
- cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.2:*:*:*:*:*:*
- cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.9:*:*:*:*:*:*
- cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.6:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-1654
2.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-1654
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2005-1654
-
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-1654
-
http://secunia.com/advisories/15271
About Secunia Research | FlexeraBroken Link
-
http://isun.shabgard.org/hc3.txt
Broken Link;Exploit;Patch
Jump to