PT-2007-7069 · Canonical · Easy Hosting Control Panel

Mhz91 · Published 2007-11-30 · Updated 2017-09-29 · CVE-2007-6178

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Easy Hosting Control Panel for Ubuntu (EHCP) versions 0.22.8 and earlier

Description

The issue allows remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the confdir parameter to specific PHP files, including dbutil.bck.php and dbutil.php in the config/ directory.

Recommendations

For EHCP versions 0.22.8 and earlier, consider restricting access to the dbutil.bck.php and dbutil.php files in the config/ directory to minimize the risk of exploitation. Avoid using the confdir parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE


Weakness Enumeration

Related Identifiers

CVE-2007-6178

Affected Products

Easy Hosting Control Panel