12 matches found
CVE-2018-6458
CVE-2018-6458 affects Easy Hosting Control Panel (EHCP) version 0.37.12.b. The connected documents confirm a cross-site request forgery (CSRF) vulnerability due to insufficient CSRF protection. Exploitation could enable a remote attacker to perform unauthorized actions on behalf of authenticated ...
CVE-2018-6619
CVE-2018-6619 affects Easy Hosting Control Panel (EHCP) v0.37.12.b. The vulnerability stems from the use of a weak hashing algorithm without a salt for database passwords (e.g., MD5), making it easier for attackers to crack passwords. Multiple connected sources corroborate insecure cryptography a...
CVE-2018-6361
The CVE-2018-6361 entry affects Easy Hosting Control Panel (EHCP) v0.37.12.b. The connected sources describe a Cross-Site Scripting (XSS) vulnerability triggered through the op parameter, enabling an attacker to add a backdoor FTP account. The underlying issue is inadequate input validation/sanit...
CVE-2018-6362
EHCP (Easy Hosting Control Panel) version 0.37.12.b is affected by a Cross-Site Scripting vulnerability in the domainop action parameter. The vulnerability allows a crafted request to execute script in a user’s browser and, as demonstrated in public advisories, can lead to reading the PHPSESSID c...
CVE-2018-6617
EHCP v0.37.12.b is affected: when using a local MySQL server, an attacker can change passwords of arbitrary database users because EHCP fails to prompt for the current password when setting a new one. This is a local-attack vector with high impact on confidentiality and integrity of database cred...
CVE-2018-6618
CVE-2018-6618 affects Easy Hosting Control Panel (EHCP) v0.37.12.b, where passwords are stored in plaintext. The underlying issue is cleartext password storage, enabling an attacker with access to read sensitive credentials. The connected documents confirm the product/version and the insecure sto...
CVE-2025-50858
The CVE-2025-50858 vulnerability affects Easy Hosting Control Panel (EHCP) version 20.04.1.b, where the List MySQL Databases function is vulnerable to Reflected Cross-Site Scripting via the action parameter. The root cause is a reflected XSS flaw that allows an authenticated user to inject JavaSc...
CVE-2025-50859
CVE-2025-50859 affects Easy Hosting Control Panel (EHCP) 20.04.1.b and is a reflected cross-site scripting vulnerability in the Change Template function. An authenticated user can supply a crafted template parameter to trigger arbitrary JavaScript execution, with impact described as partial in so...
CVE-2025-50927
CVE-2025-50927 concerns EHCP v20.04.1.b where the List All FTP User Function is vulnerable to reflected XSS via the ftpusername parameter. Authenticated attackers can inject JavaScript, potentially enabling session hijacking or redirection to malicious sites. Public writeups describe the vulnerab...
CVE-2025-50860
CVE-2025-50860 : EHCP (Easy Hosting Control Panel) 20.04.1.b contains an SQL injection in the listdomains function. The vulnerability arises from improper handling of the arananalan POST parameter in /index.php?op=listdomains, enabling authenticated attackers to access or manipulate backend datab...
CVE-2025-50928
CVE-2025-50928 affects Easy Hosting Control Panel EHCP v20.04.1.b. The vulnerability is a SQL injection via the id parameter in the Change Settings function. The CVSS v3.1 base vector indicates: AV:N, AC:H, PR:N, UI:N, S:U, C:L, I:L, A:N, with a base score of 4.8 (Medium). Public detail in connec...
CVE-2025-50926
CVE-2025-50926 affects Easy Hosting Control Panel (EHCP) version 20.04.1.b. The vulnerability is a SQL injection in the id parameter of the List All Email Addresses function, caused by unsanitized input leading to database query manipulation. The PacketStorm entry provides an explicit HTTP GET ex...