CVE-2006-5629 - Pillared Scheme
Description
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
Reference
http://www.kapda.ir/advisory-442.html
http://www.securityfocus.com/bid/20661
http://securitytracker.com/id?1017103
http://secunia.com/advisories/22607
http://www.securityfocus.com/bid/26862
http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html
http://secunia.com/advisories/28973
http://www.vupen.com/english/advisories/2006/4296
https://exchange.xforce.ibmcloud.com/vulnerabilities/39036
https://www.exploit-db.com/exploits/4730
http://www.securityfocus.com/archive/1/485028/100/0/threaded