Unrated severityNVD Advisory· Published Dec 20, 2007· Updated Apr 23, 2026

CVE-2007-6498

Description

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.

Affected products

Hosting Controller/Hosting Controller
cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_3.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securityreason.com/securityalert/3474nvd
securitytracker.com/idnvd
www.securityfocus.com/archive/1/485028/100/0/threadednvd
www.securityfocus.com/bid/26862nvd
exchange.xforce.ibmcloud.com/vulnerabilities/39036nvd
www.exploit-db.com/exploits/4730nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000