CVE-2007-6495

{"id": "CVE-2007-6495", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-12-20T20:46:00.000", "references": [{"url": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/44184", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28973", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3474", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1019222", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/485028/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26862", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4730", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \\Forum\\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \\Forum\\db."}, {"lang": "es", "value": "inc_newuser.asp en Hosting Controller 6.1 Hot fix 3.3 y anteriores, permite a usuarios remotos validados cambiar los permisos de los directorios llamados (1) db, (2) www, (3) Special, y (4) log en lugares de su elecci\u00f3n bajo la raiz web a trav\u00e9s de un par\u00e1metro Dirroot modificado en una acci\u00f3n AddUser en accounts/AccountActions.asp. NOTA: esto podr\u00eda estar solapado con la ejecuci\u00f3n de c\u00f3digo de forma remota cambiando los permisos de \\Forum\\db, el cual se configura para la ejecuci\u00f3n de secuencias de comandos de ASP con privilegios de administrador, y por lo tanto una actualizaci\u00f3n en la secuencia de comandos en \\Forum\\db."}], "lastModified": "2018-10-15T21:54:38.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0D49DC9-27D0-4FDB-A273-FA161B0BC815"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}