Lucene search
+L
EhcpEasy Hosting Control Panel

12 matches found

cve
cve
added 2018/05/11 9:0 p.m.56 views

CVE-2018-6458

CVE-2018-6458 affects Easy Hosting Control Panel (EHCP) version 0.37.12.b. The connected documents confirm a cross-site request forgery (CSRF) vulnerability due to insufficient CSRF protection. Exploitation could enable a remote attacker to perform unauthorized actions on behalf of authenticated ...

8.8CVSS8.8AI score0.10463EPSS
cve
cve
added 2018/05/11 9:0 p.m.43 views

CVE-2018-6619

CVE-2018-6619 affects Easy Hosting Control Panel (EHCP) v0.37.12.b. The vulnerability stems from the use of a weak hashing algorithm without a salt for database passwords (e.g., MD5), making it easier for attackers to crack passwords. Multiple connected sources corroborate insecure cryptography a...

7.8CVSS7.5AI score0.00363EPSS
cve
cve
added 2018/05/11 9:0 p.m.40 views

CVE-2018-6361

The CVE-2018-6361 entry affects Easy Hosting Control Panel (EHCP) v0.37.12.b. The connected sources describe a Cross-Site Scripting (XSS) vulnerability triggered through the op parameter, enabling an attacker to add a backdoor FTP account. The underlying issue is inadequate input validation/sanit...

6.1CVSS5.9AI score0.3956EPSS
cve
cve
added 2018/05/11 9:0 p.m.40 views

CVE-2018-6362

EHCP (Easy Hosting Control Panel) version 0.37.12.b is affected by a Cross-Site Scripting vulnerability in the domainop action parameter. The vulnerability allows a crafted request to execute script in a user’s browser and, as demonstrated in public advisories, can lead to reading the PHPSESSID c...

6.1CVSS6AI score0.01058EPSS
cve
cve
added 2018/05/11 9:0 p.m.39 views

CVE-2018-6617

EHCP v0.37.12.b is affected: when using a local MySQL server, an attacker can change passwords of arbitrary database users because EHCP fails to prompt for the current password when setting a new one. This is a local-attack vector with high impact on confidentiality and integrity of database cred...

7.8CVSS7.4AI score0.00428EPSS
cve
cve
added 2018/05/11 9:0 p.m.32 views

CVE-2018-6618

CVE-2018-6618 affects Easy Hosting Control Panel (EHCP) v0.37.12.b, where passwords are stored in plaintext. The underlying issue is cleartext password storage, enabling an attacker with access to read sensitive credentials. The connected documents confirm the product/version and the insecure sto...

7.8CVSS7.4AI score0.00474EPSS
cve
cve
added 2025/08/22 12:0 a.m.24 views

CVE-2025-50858

The CVE-2025-50858 vulnerability affects Easy Hosting Control Panel (EHCP) version 20.04.1.b, where the List MySQL Databases function is vulnerable to Reflected Cross-Site Scripting via the action parameter. The root cause is a reflected XSS flaw that allows an authenticated user to inject JavaSc...

6.1CVSS6.8AI score0.00224EPSS
cve
cve
added 2025/08/22 12:0 a.m.23 views

CVE-2025-50859

CVE-2025-50859 affects Easy Hosting Control Panel (EHCP) 20.04.1.b and is a reflected cross-site scripting vulnerability in the Change Template function. An authenticated user can supply a crafted template parameter to trigger arbitrary JavaScript execution, with impact described as partial in so...

6.1CVSS6.8AI score0.00272EPSS
cve
cve
added 2025/08/08 12:0 a.m.21 views

CVE-2025-50927

CVE-2025-50927 concerns EHCP v20.04.1.b where the List All FTP User Function is vulnerable to reflected XSS via the ftpusername parameter. Authenticated attackers can inject JavaScript, potentially enabling session hijacking or redirection to malicious sites. Public writeups describe the vulnerab...

6.3CVSS5.5AI score0.00198EPSS
cve
cve
added 2025/08/21 12:0 a.m.20 views

CVE-2025-50860

CVE-2025-50860 : EHCP (Easy Hosting Control Panel) 20.04.1.b contains an SQL injection in the listdomains function. The vulnerability arises from improper handling of the arananalan POST parameter in /index.php?op=listdomains, enabling authenticated attackers to access or manipulate backend datab...

5.4CVSS8.2AI score0.00213EPSS
cve
cve
added 2025/08/08 12:0 a.m.20 views

CVE-2025-50928

CVE-2025-50928 affects Easy Hosting Control Panel EHCP v20.04.1.b. The vulnerability is a SQL injection via the id parameter in the Change Settings function. The CVSS v3.1 base vector indicates: AV:N, AC:H, PR:N, UI:N, S:U, C:L, I:L, A:N, with a base score of 4.8 (Medium). Public detail in connec...

4.8CVSS7.7AI score0.00237EPSS
cve
cve
added 2025/08/19 12:0 a.m.19 views

CVE-2025-50926

CVE-2025-50926 affects Easy Hosting Control Panel (EHCP) version 20.04.1.b. The vulnerability is a SQL injection in the id parameter of the List All Email Addresses function, caused by unsanitized input leading to database query manipulation. The PacketStorm entry provides an explicit HTTP GET ex...

6.5CVSS8.5AI score0.0024EPSS