CVE-2007-6498

N/A Unknown
Published: December 20, 2007 Modified: April 23, 2026
View on NVD

Description

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://securityreason.com/securityalert/3474
Source: cve@mitre.org
http://securitytracker.com/id?1019222
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/485028/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/bid/26862
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/39036
Source: cve@mitre.org
https://www.exploit-db.com/exploits/4730
Source: cve@mitre.org
http://securityreason.com/securityalert/3474
Source: af854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1019222
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/485028/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/26862
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/39036
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.exploit-db.com/exploits/4730
Source: af854a3a-2127-422b-91ae-364da2661108

12 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.2%
64th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-89

Affected Vendors

hosting_controller

Related CVEs

CVE-2026-56414 7.2
CVE-2026-55975 7.2
CVE-2026-33560 7.1
CVE-2026-31928 8.1
CVE-2026-28701 9.8