CVE-2018-6617

Name of the Vulnerable Software and Affected Versions Easy Hosting Control Panel (EHCP) version 0.37.12.b

Description The issue allows attackers to change passwords of arbitrary database users when using a local MySQL server. This is due to the failure to ask for the current password, which enables unauthorized password changes.

Recommendations For Easy Hosting Control Panel (EHCP) version 0.37.12.b, consider implementing a mechanism to request the current password before allowing changes to database user passwords as a temporary workaround. Restrict access to the database user management functionality to minimize the risk of exploitation.