Ehcp Easy Hosting Control Panel vulnerabilities
12 known vulnerabilities affecting ehcp/easy_hosting_control_panel.
Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM8
Vulnerabilities
Page 1 of 1
CVE-2018-6458P3HIGHCVSS 8.8v0.37.12.b2018-05-11
CVE-2018-6458 [HIGH] CWE-352 CVE-2018-6458: Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request f
Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
nvd
CVE-2018-6361P3MEDIUMCVSS 6.1v0.37.12.b2018-05-11
CVE-2018-6361 [MEDIUM] CWE-79 CVE-2018-6361: Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account.
nvd
CVE-2025-50926P3MEDIUMCVSS 6.5v20.04.1.b2025-08-19
CVE-2025-50926 [MEDIUM] CWE-89 CVE-2025-50926: Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability v
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function.
nvd
CVE-2018-6617P3HIGHCVSS 7.8v0.37.12.b2018-05-11
CVE-2018-6617 [HIGH] CWE-287 CVE-2018-6617: Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to c
Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.
nvd
CVE-2018-6619P3HIGHCVSS 7.8v0.37.12.b2018-05-11
CVE-2018-6619 [HIGH] CWE-327 CVE-2018-6619: Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwor
Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt.
nvd
CVE-2018-6618P4HIGHCVSS 7.8v0.37.12.b2018-05-11
CVE-2018-6618 [HIGH] CWE-522 CVE-2018-6618: Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by lev
Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage.
nvd
CVE-2025-50860P4MEDIUMCVSS 5.4v20.04.1.b2025-08-21
CVE-2025-50860 [MEDIUM] CWE-89 CVE-2025-50860: SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows auth
SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter.
nvd
CVE-2025-50928P4MEDIUMCVSS 4.8v20.04.1.b2025-08-08
CVE-2025-50928 [MEDIUM] CWE-89 CVE-2025-50928: Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability v
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function.
nvd
CVE-2025-50927P4MEDIUMCVSS 6.3v20.04.1.b2025-08-08
CVE-2025-50927 [MEDIUM] CWE-79 CVE-2025-50927: A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.0
A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted payload into the ftpusername parameter.
nvd
CVE-2025-50859P4MEDIUMCVSS 6.1v20.04.1.b2025-08-22
CVE-2025-50859 [MEDIUM] CWE-79 CVE-2025-50859: Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel (EHCP)
Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the template parameter.
nvd
CVE-2025-50858P4MEDIUMCVSS 6.1v20.04.1.b2025-08-22
CVE-2025-50858 [MEDIUM] CWE-79 CVE-2025-50858: Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel (E
Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter.
nvd
CVE-2018-6362P4MEDIUMCVSS 6.1v0.37.12.b2018-05-11
CVE-2018-6362 [MEDIUM] CWE-79 CVE-2018-6362: Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstra
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie.
nvd