Shodan
Vulnerabilities
Vulnerable Software
Ehcp:  Security Vulnerabilities
CVE-2025-50858
Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-08-22
CVE-2025-50859
Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the template parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-08-22
CVE-2025-50860
SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-08-21
CVE-2025-50926
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-19
CVE-2025-50928
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-08-08
CVE-2025-50927
A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted payload into the ftpusername parameter.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-08-08
CVE-2018-6361
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account.
CVSS Score
6.1
EPSS Score
0.018
Published
2018-05-11
CVE-2018-6362
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-05-11
CVE-2018-6458
Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-05-11
CVE-2018-6617
Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-05-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved