admin/accounts/AccountActions.asp in Hosting Controller...
Moderate severity
Unreviewed
Published
May 1, 2022
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Description
Published by the National Vulnerability Database
Apr 5, 2006
Published to the GitHub Advisory Database
May 1, 2022
Last updated
Jan 31, 2023
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
References