CVE-2025-50860

5.4 MEDIUM

📋 TL;DR

This SQL injection vulnerability in Easy Hosting Control Panel allows authenticated attackers to execute arbitrary SQL commands via the arananalan POST parameter. Attackers can potentially read, modify, or delete database contents. Only EHCP installations with version 20.04.1.b are affected.

💻 Affected Systems

Products:
  • Easy Hosting Control Panel (EHCP)
Versions: 20.04.1.b
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the EHCP interface. The vulnerability is in the listdomains function.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, data manipulation, privilege escalation, and potential system takeover via subsequent attacks.

🟠 Likely Case: Unauthorized access to sensitive hosting data, customer information, and configuration details stored in the database.

🟢 If Mitigated: Limited impact due to proper input validation, parameterized queries, and database permission restrictions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access to the EHCP panel; the injection point is the arananalan POST parameter handled by the listdomains function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for patched version

Vendor Advisory: https://www.ehcp.net/?p=402

Restart Required: No

Instructions:

1. Check the vendor advisory at https://www.ehcp.net/?p=402
2. Apply the recommended patch or update
3. Verify the fix by testing the vulnerable parameter

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement server-side input validation for the arananalan parameter

Web Application Firewall (applies to: all)

Deploy WAF rules to block SQL injection patterns in POST requests

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in the listdomains function
  • Restrict database user permissions to minimum required privileges

🔍 How to Verify

Check if Vulnerable:

Test the listdomains function with SQL injection payloads in the arananalan POST parameter

Check Version:

Check EHCP version in admin panel or configuration files

Verify Fix Applied:

Attempt SQL injection in the arananalan parameter and verify it's properly sanitized or blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by listdomains access

Network Indicators:

  • POST requests to listdomains endpoint with SQL keywords in parameters

SIEM Query:

source="web_logs" AND uri="*listdomains*" AND (param="*SELECT*" OR param="*UNION*" OR param="*OR 1=1*")
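The following script applies the same indicators as the SIEM query above to request records offline, flagging POST requests to a listdomains URI whose arananalan value carries SQL keywords or comment sequences. It is an added example, not part of this advisory or of EHCP; the log line layout, the /ehcp/?op=listdomains URI and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed sample records in an assumed "ts method uri body" layout,
# as a reverse proxy or WAF with request-body logging might emit.
# "-" marks an empty body. The URI shape is an assumption, not EHCP's real one.
SAMPLE_LOG = """\
2025-08-01T10:00:01Z POST /ehcp/?op=listdomains arananalan=example.com
2025-08-01T10:00:07Z POST /ehcp/?op=listdomains arananalan=x%27+UNION+SELECT+1%2C2%2C3--+-
2025-08-01T10:00:09Z POST /ehcp/?op=listdomains arananalan=%27+OR+1%3D1--
2025-08-01T10:00:12Z GET /ehcp/?op=login -
"""

# Mirrors the SIEM query's SELECT / UNION / OR 1=1 terms and adds the two
# common SQL comment openers. Word boundaries keep "unionbank" from matching.
SQLI_PATTERN = re.compile(
    r"(\bunion\b|\bselect\b|\bor\b\s+1\s*=\s*1|--|/\*)", re.IGNORECASE
)


def parse_line(line):
    """Split one constructed log line into its four fields."""
    ts, method, uri, body = line.split(maxsplit=3)
    return {"ts": ts, "method": method, "uri": uri, "body": body}


def suspicious_params(record, watched=("arananalan",)):
    """Return {param: decoded value} for watched POST params to listdomains
    whose decoded value matches SQLI_PATTERN; empty dict otherwise."""
    if record["method"] != "POST" or "listdomains" not in record["uri"]:
        return {}
    params = parse_qs(record["body"], keep_blank_values=True)
    hits = {}
    for name in watched:
        for value in params.get(name, []):
            if SQLI_PATTERN.search(value):
                hits[name] = value
    return hits


def scan_log(text):
    """Return a list of (timestamp, hits) for every flagged record."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        hits = suspicious_params(record)
        if hits:
            alerts.append((record["ts"], hits))
    return alerts


if __name__ == "__main__":
    for ts, hits in scan_log(SAMPLE_LOG):
        print(ts, hits)
```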
