CVE-2005-1654 Information

Description

Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.

Reference

http://isun.shabgard.org/hc3.txt http://secunia.com/advisories/15271