Hosting Controller 6.1 Hotfix 1.9 and earlier allows...
High severity
Unreviewed
Published
May 1, 2022
to the GitHub Advisory Database
•
Updated Jan 25, 2024
Description
Published by the National Vulnerability Database
May 18, 2005
Published to the GitHub Advisory Database
May 1, 2022
Last updated
Jan 25, 2024
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
References