PT-2007-7069 · Canonical · Easy Hosting Control Panel

Mhz91 · Published 2007-11-30 · Updated 2017-09-29 · CVE-2007-6178

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Easy Hosting Control Panel for Ubuntu (EHCP) versions 0.22.8 and earlier

Description

The issue allows remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the confdir parameter to specific PHP files, including dbutil.bck.php and dbutil.php in the config/ directory.

Recommendations

For EHCP versions 0.22.8 and earlier, consider restricting access to the dbutil.bck.php and dbutil.php files in the config/ directory to minimize the risk of exploitation. Avoid using the confdir parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
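A log check a defender could run for the requests described above, as an added example that is not part of the original advisory or of EHCP's code: it flags access-log lines that reach the two named files and marks those whose confdir value is a URL. The combined-style log format, the /ehcp/ path prefix and every sample line are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Files named in the advisory, under the config/ directory.
AFFECTED = re.compile(r"/config/dbutil(\.bck)?\.php$", re.IGNORECASE)
# A confdir value that starts with scheme:// or a protocol-relative //host.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses and hosts are documentation values.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2007:10:00:00 +0000] "GET /ehcp/index.php HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Dec/2007:10:00:05 +0000] "GET /ehcp/config/dbutil.php'
    '?confdir=http%3A%2F%2Fexample.invalid%2F HTTP/1.1" 200 0',
    '192.0.2.44 - - [01/Dec/2007:10:00:09 +0000] "GET /ehcp/config/dbutil.bck.php'
    '?confdir=//example.invalid/x HTTP/1.0" 200 0',
    '192.0.2.7 - - [01/Dec/2007:10:01:00 +0000] "GET /ehcp/config/dbutil.php HTTP/1.1" 200 0',
]

def classify(line):
    """Return 'remote-confdir', 'direct-access' or None for one log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    # Decode the path so percent-encoded file names still match.
    if not AFFECTED.search(unquote(target.path)):
        return None
    # parse_qsl percent-decodes values, so confdir=http%3A%2F%2F... is caught.
    for key, value in parse_qsl(target.query, keep_blank_values=True):
        if key == "confdir" and REMOTE.match(value):
            return "remote-confdir"
    # Any other request to these files is still worth reviewing.
    return "direct-access"

def scan(lines):
    """Return (1-based line number, verdict) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

POST bodies are not recorded in access logs, so a confdir value sent that way shows up only as direct-access.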

Exploit

RCE

Weakness Enumeration

Related identifiers

CVE-2007-6178

Affected products

Easy Hosting Control Panel