Unauthorized Modification of Credit Limit in Hosting Controller 6.1 Hotfix 2.1

Unauthorized Modification of Credit Limit in Hosting Controller 6.1 Hotfix 2.1

CVE-2005-2219 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.

Learn more about our User Device Pen Test.