Unrated severityNVD Advisory· Published Dec 20, 2007· Updated Jun 16, 2026
CVE-2007-6498
CVE-2007-6498
Description
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_3.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_3.3:*:*:*:*:*:*:*
- (no CPE)range: <=6.1 Hot fix 3.3
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.