Description: zatuzik has reported a security issue in Hosting Controller, which can be exploited by malicious users to gain knowledge of certain sensitive information.
The problem is caused due to missing access controls on the "admin/com/comgetfile.asp" script and can be exploited to view the names of folders belonging to other users. This discloses valid usernames since the folders are named according to the users.
The security issue has been reported in version 6.1 with hotfix 2.1 and 2.2. Prior versions may also be affected.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.