Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Hosting Controller 多个信息泄露漏洞
Vulnerability Description
Hosting Controller 远程验证用户获得敏感信息可以借助(1) fp2000/NEWSRVR.asp中透漏用户名的AdminName和AdminLevel参数以及(2)对用Microsoft.XMLHTTP或MSXML2.XMLHTTP对象的hosting/css.asp地特定XML HTTP请求,该请求可以引发对建立HTML源中的目录路径名的回应;并且(3)远程攻击者可以借助对/admin/forum/的一个请求获得敏感信息, 当forum没有建立时,该请求在错误信息中隐藏路径。
CVSS Information
N/A
Vulnerability Type
N/A