Vulnerabilities > CVE-2006-5630 - Remote Security vulnerability in Hosting Controller
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp. This vulnerability is addressed in the following product update: Hosting Controller, Hosting Controller, 6.1 Hotfix 3.3