CVE-2025-50860
MEDIUMEasy Hosting Control Panel 20.04.1.b - SQL Injection
Title source: llmDescription
SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://packetstorm.news/files/id/208535
Product
https://www.ehcp.net/?p=402
Scores
CVSS v3
5.4
EPSS
0.0021
EPSS Percentile
11.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
ehcp/easy_hosting_control_panel
20.04.1.b
Published
Aug 21, 2025
Tracked Since
Feb 18, 2026