33 matches found
CVE-2025-50858
Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter...
CVE-2025-50860
SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter...
CVE-2025-50927
A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted payload into the ftpusername parameter...
CVE-2025-50928
Easy Hosting Control Panel (EHCP) v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function...
CVE-2025-50927
CVE-2025-50927 concerns EHCP v20.04.1.b where the List All FTP User Function is vulnerable to reflected XSS via the ftpusername parameter. Authenticated attackers can inject JavaScript, potentially enabling session hijacking or redirection to malicious sites. Public writeups describe the vulnerab...
Design/Logic Flaw
Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt...
CVE-2018-6619
Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt...
CVE-2018-6618
Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage...
CVE-2018-6362
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie...
Code injection
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account...
Design/Logic Flaw
Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password...
CVE-2018-6361
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account...
CVE-2018-6617
EHCP v0.37.12.b is affected: when using a local MySQL server, an attacker can change passwords of arbitrary database users because EHCP fails to prompt for the current password when setting a new one. This is a local-attack vector with high impact on confidentiality and integrity of database cred...
CVE-2018-6458
Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection...
CVE-2018-6458
CVE-2018-6458 affects Easy Hosting Control Panel (EHCP) version 0.37.12.b. The connected documents confirm a cross-site request forgery (CSRF) vulnerability due to insufficient CSRF protection. Exploitation could enable a remote attacker to perform unauthorized actions on behalf of authenticated ...
CVE-2018-6362
EHCP (Easy Hosting Control Panel) version 0.37.12.b is affected by a Cross-Site Scripting vulnerability in the domainop action parameter. The vulnerability allows a crafted request to execute script in a user’s browser and, as demonstrated in public advisories, can lead to reading the PHPSESSID c...