CVE-2005-1654

Published May 18, 2005

Last updated 10 months ago

Overview

Description: Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-425

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hostingcontroller:hosting_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E7FF6CB-8436-46E4-B2F2-669A4B3C9336",
            "versionEndExcluding": "6.1"
          },
          {
            "criteria": "cpe:2.3:a:hostingcontroller:hosting_controller:6.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B09C359F-F351-4854-9C76-1BFCA6C625F6"
          },
          {
            "criteria": "cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1605211-8185-4812-97EE-8B4215FC348C"
          },
          {
            "criteria": "cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9FCB468-9B1A-4D57-93E7-2EF96BCEFC2C"
          },
          {
            "criteria": "cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65126C91-193A-4961-BF65-5F89A86FB6C2"
          },
          {
            "criteria": "cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1184883-0A21-418C-AEBF-D3B8D0B3A403"
          },
          {
            "criteria": "cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7425EE0-8F2A-4458-9406-C51A1995EC88"
          },
          {
            "criteria": "cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "507E1F49-DB92-48C2-B2AE-7C40F820D4E8"
          },
          {
            "criteria": "cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2643F769-477B-4A82-8864-8B963B543E8E"
          },
          {
            "criteria": "cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38BF2AE8-9564-41D0-AD32-C4C78A772DDF"
          },
          {
            "criteria": "cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FB6D27D-F410-4415-AC37-29DCAEC2C2C5"
          },
          {
            "criteria": "cpe:2.3:a:hostingcontroller:hosting_controller:6.1:hotfix1.9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A293DFA-7D0F-4CF8-8405-E011EDCDB5D9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References