Fortinet Discovers Easy Hosting Control Panel SQL Injection Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a SQL Injection vulnerability in Easy Hosting Control Panel (EHCP).
Easy Hosting Control Panel is designed for hosting of multiple domains on single machine.
A SQL Injection vulnerability has been discovered in EHCP 0.38.5.b and earlier versions. It is caused by inadequate filtering of user-supplied X-Forwarded-For value.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:Easy.Hosting.Control.Panel.SQL.Injection
Released Jun 25, 2018
Users should apply the solution provided by Easy Hosting Control Panel.
Timeline
Fortinet reported the vulnerability to Easy Hosting Control Panel on June 22, 2018.
Easy Hosting Control Panel confirmed the vulnerability on June 23, 2018.
Easy Hosting Control Panel patched the vulnerability on June 23, 2018.