CVE-2007-6498 Information

Description

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp (3) the sortfield parameter to accounts/accountmanager.asp (4) the GateWayID parameter to OpenApi/GatewayVariables.asp and possibly (5) unspecified vectors to IIS/iibind.asp.

Reference

http://securityreason.com/securityalert/3474 http://securitytracker.com/id?1019222 http://www.securityfocus.com/archive/1/485028/100/0/threaded http://www.securityfocus.com/bid/26862 https://exchange.xforce.ibmcloud.com/vulnerabilities/39036 https://www.exploit-db.com/exploits/4730