33 matches found
CVE-2025-50858
Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter...
CVE-2025-50860
SQL Injection in the listdomains function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter...
CVE-2025-50927
A reflected cross-site scripting XSS vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted payload into the ftpusername parameter...
CVE-2025-50928
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function...
CVE-2025-50927
A reflected cross-site scripting XSS vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted payload into the ftpusername parameter...
CVE-2025-50927
A reflected cross-site scripting XSS vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted payload into the ftpusername parameter...
CVE-2025-50927
A reflected cross-site scripting XSS vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted payload into the ftpusername parameter...
CVE-2025-50927
CVE-2025-50927 concerns EHCP v20.04.1.b where the List All FTP User Function is vulnerable to reflected XSS via the ftpusername parameter. Authenticated attackers can inject JavaScript, potentially enabling session hijacking or redirection to malicious sites. Public writeups describe the vulnerab...
CVE-2018-6362
Easy Hosting Control Panel EHCP v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie...
CVE-2018-6618
Easy Hosting Control Panel EHCP v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage...
Design/Logic Flaw
Easy Hosting Control Panel EHCP v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password...
Design/Logic Flaw
Easy Hosting Control Panel EHCP v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt...
CVE-2018-6619
Easy Hosting Control Panel EHCP v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt...
Code injection
Easy Hosting Control Panel EHCP v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account...
CVE-2018-6618
Easy Hosting Control Panel EHCP v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage...
CVE-2018-6458
Easy Hosting Control Panel EHCP v0.37.12.b allows remote attackers to conduct cross-site request forgery CSRF attacks by leveraging lack of CSRF protection...
CVE-2018-6361
The CVE-2018-6361 entry affects Easy Hosting Control Panel (EHCP) v0.37.12.b. The connected sources describe a Cross-Site Scripting (XSS) vulnerability triggered through the op parameter, enabling an attacker to add a backdoor FTP account. The underlying issue is inadequate input validation/sanit...
CVE-2018-6618
CVE-2018-6618 affects Easy Hosting Control Panel (EHCP) v0.37.12.b, where passwords are stored in plaintext. The underlying issue is cleartext password storage, enabling an attacker with access to read sensitive credentials. The connected documents confirm the product/version and the insecure sto...
CVE-2018-6617
EHCP v0.37.12.b is affected: when using a local MySQL server, an attacker can change passwords of arbitrary database users because EHCP fails to prompt for the current password when setting a new one. This is a local-attack vector with high impact on confidentiality and integrity of database cred...
CVE-2018-6458
CVE-2018-6458 affects Easy Hosting Control Panel (EHCP) version 0.37.12.b. The connected documents confirm a cross-site request forgery (CSRF) vulnerability due to insufficient CSRF protection. Exploitation could enable a remote attacker to perform unauthorized actions on behalf of authenticated ...